ScreenShot
| Created | 2023.11.18 12:45 | Machine | s1_win7_x6403 |
| Filename | TrueCrypt_KlHkcF.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 20 detected (AIDetectMalware, Artemis, Vo8f, Attribute, HighConfidence, a variant of WinGo, Kryptik, ezdj, FileRepMalware, REDLINE, YXDKQZ, Sabsik, R621603, Chgt, MALICIOUS) | ||
| md5 | 03205a2fe1c1b6c9f6d38b9e12d7688f | ||
| sha256 | 8e84c3f1e414895725a5960853eb72990a02c488d76ab5c65ced8a539dce2ecd | ||
| ssdeep | 98304:Te9Lbf47rATGbs+EselMAPC/cLWMLy/JuSE+fAKwlHB3bLDk6k:TawgSbsP5gALI48GHtDk | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14108e464 AddAtomA
0x14108e46c AddVectoredExceptionHandler
0x14108e474 CloseHandle
0x14108e47c CreateEventA
0x14108e484 CreateFileA
0x14108e48c CreateIoCompletionPort
0x14108e494 CreateMutexA
0x14108e49c CreateSemaphoreA
0x14108e4a4 CreateThread
0x14108e4ac CreateWaitableTimerA
0x14108e4b4 CreateWaitableTimerExW
0x14108e4bc DeleteAtom
0x14108e4c4 DeleteCriticalSection
0x14108e4cc DuplicateHandle
0x14108e4d4 EnterCriticalSection
0x14108e4dc ExitProcess
0x14108e4e4 FindAtomA
0x14108e4ec FormatMessageA
0x14108e4f4 FreeEnvironmentStringsW
0x14108e4fc GetAtomNameA
0x14108e504 GetConsoleMode
0x14108e50c GetCurrentProcess
0x14108e514 GetCurrentProcessId
0x14108e51c GetCurrentThread
0x14108e524 GetCurrentThreadId
0x14108e52c GetEnvironmentStringsW
0x14108e534 GetHandleInformation
0x14108e53c GetLastError
0x14108e544 GetProcAddress
0x14108e54c GetProcessAffinityMask
0x14108e554 GetQueuedCompletionStatusEx
0x14108e55c GetStartupInfoA
0x14108e564 GetStdHandle
0x14108e56c GetSystemDirectoryA
0x14108e574 GetSystemInfo
0x14108e57c GetSystemTimeAsFileTime
0x14108e584 GetThreadContext
0x14108e58c GetThreadPriority
0x14108e594 GetTickCount
0x14108e59c InitializeCriticalSection
0x14108e5a4 IsDBCSLeadByteEx
0x14108e5ac IsDebuggerPresent
0x14108e5b4 LeaveCriticalSection
0x14108e5bc LoadLibraryA
0x14108e5c4 LoadLibraryW
0x14108e5cc LocalFree
0x14108e5d4 MultiByteToWideChar
0x14108e5dc OpenProcess
0x14108e5e4 OutputDebugStringA
0x14108e5ec PostQueuedCompletionStatus
0x14108e5f4 QueryPerformanceCounter
0x14108e5fc QueryPerformanceFrequency
0x14108e604 RaiseException
0x14108e60c ReleaseMutex
0x14108e614 ReleaseSemaphore
0x14108e61c RemoveVectoredExceptionHandler
0x14108e624 ResetEvent
0x14108e62c ResumeThread
0x14108e634 SetConsoleCtrlHandler
0x14108e63c SetErrorMode
0x14108e644 SetEvent
0x14108e64c SetLastError
0x14108e654 SetProcessAffinityMask
0x14108e65c SetProcessPriorityBoost
0x14108e664 SetThreadContext
0x14108e66c SetThreadPriority
0x14108e674 SetUnhandledExceptionFilter
0x14108e67c SetWaitableTimer
0x14108e684 Sleep
0x14108e68c SuspendThread
0x14108e694 SwitchToThread
0x14108e69c TlsAlloc
0x14108e6a4 TlsGetValue
0x14108e6ac TlsSetValue
0x14108e6b4 TryEnterCriticalSection
0x14108e6bc VirtualAlloc
0x14108e6c4 VirtualFree
0x14108e6cc VirtualProtect
0x14108e6d4 VirtualQuery
0x14108e6dc WaitForMultipleObjects
0x14108e6e4 WaitForSingleObject
0x14108e6ec WideCharToMultiByte
0x14108e6f4 WriteConsoleW
0x14108e6fc WriteFile
0x14108e704 __C_specific_handler
msvcrt.dll
0x14108e714 ___lc_codepage_func
0x14108e71c ___mb_cur_max_func
0x14108e724 __getmainargs
0x14108e72c __initenv
0x14108e734 __iob_func
0x14108e73c __lconv_init
0x14108e744 __set_app_type
0x14108e74c __setusermatherr
0x14108e754 _acmdln
0x14108e75c _amsg_exit
0x14108e764 _beginthread
0x14108e76c _beginthreadex
0x14108e774 _cexit
0x14108e77c _commode
0x14108e784 _endthreadex
0x14108e78c _errno
0x14108e794 _fmode
0x14108e79c _initterm
0x14108e7a4 _lock
0x14108e7ac _memccpy
0x14108e7b4 _onexit
0x14108e7bc _setjmp
0x14108e7c4 _strdup
0x14108e7cc _ultoa
0x14108e7d4 _unlock
0x14108e7dc abort
0x14108e7e4 calloc
0x14108e7ec exit
0x14108e7f4 fprintf
0x14108e7fc fputc
0x14108e804 free
0x14108e80c fwrite
0x14108e814 localeconv
0x14108e81c longjmp
0x14108e824 malloc
0x14108e82c memcpy
0x14108e834 memmove
0x14108e83c memset
0x14108e844 printf
0x14108e84c realloc
0x14108e854 signal
0x14108e85c strerror
0x14108e864 strlen
0x14108e86c strncmp
0x14108e874 vfprintf
0x14108e87c wcslen
EAT(Export Address Table) Library
0x14108b320 _cgo_dummy_export
KERNEL32.dll
0x14108e464 AddAtomA
0x14108e46c AddVectoredExceptionHandler
0x14108e474 CloseHandle
0x14108e47c CreateEventA
0x14108e484 CreateFileA
0x14108e48c CreateIoCompletionPort
0x14108e494 CreateMutexA
0x14108e49c CreateSemaphoreA
0x14108e4a4 CreateThread
0x14108e4ac CreateWaitableTimerA
0x14108e4b4 CreateWaitableTimerExW
0x14108e4bc DeleteAtom
0x14108e4c4 DeleteCriticalSection
0x14108e4cc DuplicateHandle
0x14108e4d4 EnterCriticalSection
0x14108e4dc ExitProcess
0x14108e4e4 FindAtomA
0x14108e4ec FormatMessageA
0x14108e4f4 FreeEnvironmentStringsW
0x14108e4fc GetAtomNameA
0x14108e504 GetConsoleMode
0x14108e50c GetCurrentProcess
0x14108e514 GetCurrentProcessId
0x14108e51c GetCurrentThread
0x14108e524 GetCurrentThreadId
0x14108e52c GetEnvironmentStringsW
0x14108e534 GetHandleInformation
0x14108e53c GetLastError
0x14108e544 GetProcAddress
0x14108e54c GetProcessAffinityMask
0x14108e554 GetQueuedCompletionStatusEx
0x14108e55c GetStartupInfoA
0x14108e564 GetStdHandle
0x14108e56c GetSystemDirectoryA
0x14108e574 GetSystemInfo
0x14108e57c GetSystemTimeAsFileTime
0x14108e584 GetThreadContext
0x14108e58c GetThreadPriority
0x14108e594 GetTickCount
0x14108e59c InitializeCriticalSection
0x14108e5a4 IsDBCSLeadByteEx
0x14108e5ac IsDebuggerPresent
0x14108e5b4 LeaveCriticalSection
0x14108e5bc LoadLibraryA
0x14108e5c4 LoadLibraryW
0x14108e5cc LocalFree
0x14108e5d4 MultiByteToWideChar
0x14108e5dc OpenProcess
0x14108e5e4 OutputDebugStringA
0x14108e5ec PostQueuedCompletionStatus
0x14108e5f4 QueryPerformanceCounter
0x14108e5fc QueryPerformanceFrequency
0x14108e604 RaiseException
0x14108e60c ReleaseMutex
0x14108e614 ReleaseSemaphore
0x14108e61c RemoveVectoredExceptionHandler
0x14108e624 ResetEvent
0x14108e62c ResumeThread
0x14108e634 SetConsoleCtrlHandler
0x14108e63c SetErrorMode
0x14108e644 SetEvent
0x14108e64c SetLastError
0x14108e654 SetProcessAffinityMask
0x14108e65c SetProcessPriorityBoost
0x14108e664 SetThreadContext
0x14108e66c SetThreadPriority
0x14108e674 SetUnhandledExceptionFilter
0x14108e67c SetWaitableTimer
0x14108e684 Sleep
0x14108e68c SuspendThread
0x14108e694 SwitchToThread
0x14108e69c TlsAlloc
0x14108e6a4 TlsGetValue
0x14108e6ac TlsSetValue
0x14108e6b4 TryEnterCriticalSection
0x14108e6bc VirtualAlloc
0x14108e6c4 VirtualFree
0x14108e6cc VirtualProtect
0x14108e6d4 VirtualQuery
0x14108e6dc WaitForMultipleObjects
0x14108e6e4 WaitForSingleObject
0x14108e6ec WideCharToMultiByte
0x14108e6f4 WriteConsoleW
0x14108e6fc WriteFile
0x14108e704 __C_specific_handler
msvcrt.dll
0x14108e714 ___lc_codepage_func
0x14108e71c ___mb_cur_max_func
0x14108e724 __getmainargs
0x14108e72c __initenv
0x14108e734 __iob_func
0x14108e73c __lconv_init
0x14108e744 __set_app_type
0x14108e74c __setusermatherr
0x14108e754 _acmdln
0x14108e75c _amsg_exit
0x14108e764 _beginthread
0x14108e76c _beginthreadex
0x14108e774 _cexit
0x14108e77c _commode
0x14108e784 _endthreadex
0x14108e78c _errno
0x14108e794 _fmode
0x14108e79c _initterm
0x14108e7a4 _lock
0x14108e7ac _memccpy
0x14108e7b4 _onexit
0x14108e7bc _setjmp
0x14108e7c4 _strdup
0x14108e7cc _ultoa
0x14108e7d4 _unlock
0x14108e7dc abort
0x14108e7e4 calloc
0x14108e7ec exit
0x14108e7f4 fprintf
0x14108e7fc fputc
0x14108e804 free
0x14108e80c fwrite
0x14108e814 localeconv
0x14108e81c longjmp
0x14108e824 malloc
0x14108e82c memcpy
0x14108e834 memmove
0x14108e83c memset
0x14108e844 printf
0x14108e84c realloc
0x14108e854 signal
0x14108e85c strerror
0x14108e864 strlen
0x14108e86c strncmp
0x14108e874 vfprintf
0x14108e87c wcslen
EAT(Export Address Table) Library
0x14108b320 _cgo_dummy_export