ScreenShot
| Created | 2023.11.20 09:45 | Machine | s1_win7_x6401 |
| Filename | TrueCrypt_ypAWBs.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetectMalware, Stealerc, Artemis, Kryptik, Vrqh, TrojanPSW, Attribute, HighConfidence, a variant of WinGo, Malicious, score, kdvgdm, QQPass, QQRob, Ckjl, Redcap, dennw, DownLoader46, LUMMASTEALER, YXDKQZ, PSWTroj, Sabsik, ASU0D3, Detected, R621603, unsafe, Chgt) | ||
| md5 | 234f10adf43fc8b9c00f39224b652a99 | ||
| sha256 | 9238c171562445544ce308adc17671989161094ce95d984bda7c3a7d8b92136b | ||
| ssdeep | 98304:FvG9rmVeIAfg1In0yy8iSmXPQinpYyIvAAtLBJe1uqEerMZaqAmTWpYzXJcgOQN1:FXJqny8iWAsLBJeserMKA5xNoQ | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1410dd464 AddAtomA
0x1410dd46c AddVectoredExceptionHandler
0x1410dd474 CloseHandle
0x1410dd47c CreateEventA
0x1410dd484 CreateFileA
0x1410dd48c CreateIoCompletionPort
0x1410dd494 CreateMutexA
0x1410dd49c CreateSemaphoreA
0x1410dd4a4 CreateThread
0x1410dd4ac CreateWaitableTimerA
0x1410dd4b4 CreateWaitableTimerExW
0x1410dd4bc DeleteAtom
0x1410dd4c4 DeleteCriticalSection
0x1410dd4cc DuplicateHandle
0x1410dd4d4 EnterCriticalSection
0x1410dd4dc ExitProcess
0x1410dd4e4 FindAtomA
0x1410dd4ec FormatMessageA
0x1410dd4f4 FreeEnvironmentStringsW
0x1410dd4fc GetAtomNameA
0x1410dd504 GetConsoleMode
0x1410dd50c GetCurrentProcess
0x1410dd514 GetCurrentProcessId
0x1410dd51c GetCurrentThread
0x1410dd524 GetCurrentThreadId
0x1410dd52c GetEnvironmentStringsW
0x1410dd534 GetHandleInformation
0x1410dd53c GetLastError
0x1410dd544 GetProcAddress
0x1410dd54c GetProcessAffinityMask
0x1410dd554 GetQueuedCompletionStatusEx
0x1410dd55c GetStartupInfoA
0x1410dd564 GetStdHandle
0x1410dd56c GetSystemDirectoryA
0x1410dd574 GetSystemInfo
0x1410dd57c GetSystemTimeAsFileTime
0x1410dd584 GetThreadContext
0x1410dd58c GetThreadPriority
0x1410dd594 GetTickCount
0x1410dd59c InitializeCriticalSection
0x1410dd5a4 IsDBCSLeadByteEx
0x1410dd5ac IsDebuggerPresent
0x1410dd5b4 LeaveCriticalSection
0x1410dd5bc LoadLibraryA
0x1410dd5c4 LoadLibraryW
0x1410dd5cc LocalFree
0x1410dd5d4 MultiByteToWideChar
0x1410dd5dc OpenProcess
0x1410dd5e4 OutputDebugStringA
0x1410dd5ec PostQueuedCompletionStatus
0x1410dd5f4 QueryPerformanceCounter
0x1410dd5fc QueryPerformanceFrequency
0x1410dd604 RaiseException
0x1410dd60c ReleaseMutex
0x1410dd614 ReleaseSemaphore
0x1410dd61c RemoveVectoredExceptionHandler
0x1410dd624 ResetEvent
0x1410dd62c ResumeThread
0x1410dd634 SetConsoleCtrlHandler
0x1410dd63c SetErrorMode
0x1410dd644 SetEvent
0x1410dd64c SetLastError
0x1410dd654 SetProcessAffinityMask
0x1410dd65c SetProcessPriorityBoost
0x1410dd664 SetThreadContext
0x1410dd66c SetThreadPriority
0x1410dd674 SetUnhandledExceptionFilter
0x1410dd67c SetWaitableTimer
0x1410dd684 Sleep
0x1410dd68c SuspendThread
0x1410dd694 SwitchToThread
0x1410dd69c TlsAlloc
0x1410dd6a4 TlsGetValue
0x1410dd6ac TlsSetValue
0x1410dd6b4 TryEnterCriticalSection
0x1410dd6bc VirtualAlloc
0x1410dd6c4 VirtualFree
0x1410dd6cc VirtualProtect
0x1410dd6d4 VirtualQuery
0x1410dd6dc WaitForMultipleObjects
0x1410dd6e4 WaitForSingleObject
0x1410dd6ec WideCharToMultiByte
0x1410dd6f4 WriteConsoleW
0x1410dd6fc WriteFile
0x1410dd704 __C_specific_handler
msvcrt.dll
0x1410dd714 ___lc_codepage_func
0x1410dd71c ___mb_cur_max_func
0x1410dd724 __getmainargs
0x1410dd72c __initenv
0x1410dd734 __iob_func
0x1410dd73c __lconv_init
0x1410dd744 __set_app_type
0x1410dd74c __setusermatherr
0x1410dd754 _acmdln
0x1410dd75c _amsg_exit
0x1410dd764 _beginthread
0x1410dd76c _beginthreadex
0x1410dd774 _cexit
0x1410dd77c _commode
0x1410dd784 _endthreadex
0x1410dd78c _errno
0x1410dd794 _fmode
0x1410dd79c _initterm
0x1410dd7a4 _lock
0x1410dd7ac _memccpy
0x1410dd7b4 _onexit
0x1410dd7bc _setjmp
0x1410dd7c4 _strdup
0x1410dd7cc _ultoa
0x1410dd7d4 _unlock
0x1410dd7dc abort
0x1410dd7e4 calloc
0x1410dd7ec exit
0x1410dd7f4 fprintf
0x1410dd7fc fputc
0x1410dd804 free
0x1410dd80c fwrite
0x1410dd814 localeconv
0x1410dd81c longjmp
0x1410dd824 malloc
0x1410dd82c memcpy
0x1410dd834 memmove
0x1410dd83c memset
0x1410dd844 printf
0x1410dd84c realloc
0x1410dd854 signal
0x1410dd85c strerror
0x1410dd864 strlen
0x1410dd86c strncmp
0x1410dd874 vfprintf
0x1410dd87c wcslen
EAT(Export Address Table) Library
0x1410da320 _cgo_dummy_export
KERNEL32.dll
0x1410dd464 AddAtomA
0x1410dd46c AddVectoredExceptionHandler
0x1410dd474 CloseHandle
0x1410dd47c CreateEventA
0x1410dd484 CreateFileA
0x1410dd48c CreateIoCompletionPort
0x1410dd494 CreateMutexA
0x1410dd49c CreateSemaphoreA
0x1410dd4a4 CreateThread
0x1410dd4ac CreateWaitableTimerA
0x1410dd4b4 CreateWaitableTimerExW
0x1410dd4bc DeleteAtom
0x1410dd4c4 DeleteCriticalSection
0x1410dd4cc DuplicateHandle
0x1410dd4d4 EnterCriticalSection
0x1410dd4dc ExitProcess
0x1410dd4e4 FindAtomA
0x1410dd4ec FormatMessageA
0x1410dd4f4 FreeEnvironmentStringsW
0x1410dd4fc GetAtomNameA
0x1410dd504 GetConsoleMode
0x1410dd50c GetCurrentProcess
0x1410dd514 GetCurrentProcessId
0x1410dd51c GetCurrentThread
0x1410dd524 GetCurrentThreadId
0x1410dd52c GetEnvironmentStringsW
0x1410dd534 GetHandleInformation
0x1410dd53c GetLastError
0x1410dd544 GetProcAddress
0x1410dd54c GetProcessAffinityMask
0x1410dd554 GetQueuedCompletionStatusEx
0x1410dd55c GetStartupInfoA
0x1410dd564 GetStdHandle
0x1410dd56c GetSystemDirectoryA
0x1410dd574 GetSystemInfo
0x1410dd57c GetSystemTimeAsFileTime
0x1410dd584 GetThreadContext
0x1410dd58c GetThreadPriority
0x1410dd594 GetTickCount
0x1410dd59c InitializeCriticalSection
0x1410dd5a4 IsDBCSLeadByteEx
0x1410dd5ac IsDebuggerPresent
0x1410dd5b4 LeaveCriticalSection
0x1410dd5bc LoadLibraryA
0x1410dd5c4 LoadLibraryW
0x1410dd5cc LocalFree
0x1410dd5d4 MultiByteToWideChar
0x1410dd5dc OpenProcess
0x1410dd5e4 OutputDebugStringA
0x1410dd5ec PostQueuedCompletionStatus
0x1410dd5f4 QueryPerformanceCounter
0x1410dd5fc QueryPerformanceFrequency
0x1410dd604 RaiseException
0x1410dd60c ReleaseMutex
0x1410dd614 ReleaseSemaphore
0x1410dd61c RemoveVectoredExceptionHandler
0x1410dd624 ResetEvent
0x1410dd62c ResumeThread
0x1410dd634 SetConsoleCtrlHandler
0x1410dd63c SetErrorMode
0x1410dd644 SetEvent
0x1410dd64c SetLastError
0x1410dd654 SetProcessAffinityMask
0x1410dd65c SetProcessPriorityBoost
0x1410dd664 SetThreadContext
0x1410dd66c SetThreadPriority
0x1410dd674 SetUnhandledExceptionFilter
0x1410dd67c SetWaitableTimer
0x1410dd684 Sleep
0x1410dd68c SuspendThread
0x1410dd694 SwitchToThread
0x1410dd69c TlsAlloc
0x1410dd6a4 TlsGetValue
0x1410dd6ac TlsSetValue
0x1410dd6b4 TryEnterCriticalSection
0x1410dd6bc VirtualAlloc
0x1410dd6c4 VirtualFree
0x1410dd6cc VirtualProtect
0x1410dd6d4 VirtualQuery
0x1410dd6dc WaitForMultipleObjects
0x1410dd6e4 WaitForSingleObject
0x1410dd6ec WideCharToMultiByte
0x1410dd6f4 WriteConsoleW
0x1410dd6fc WriteFile
0x1410dd704 __C_specific_handler
msvcrt.dll
0x1410dd714 ___lc_codepage_func
0x1410dd71c ___mb_cur_max_func
0x1410dd724 __getmainargs
0x1410dd72c __initenv
0x1410dd734 __iob_func
0x1410dd73c __lconv_init
0x1410dd744 __set_app_type
0x1410dd74c __setusermatherr
0x1410dd754 _acmdln
0x1410dd75c _amsg_exit
0x1410dd764 _beginthread
0x1410dd76c _beginthreadex
0x1410dd774 _cexit
0x1410dd77c _commode
0x1410dd784 _endthreadex
0x1410dd78c _errno
0x1410dd794 _fmode
0x1410dd79c _initterm
0x1410dd7a4 _lock
0x1410dd7ac _memccpy
0x1410dd7b4 _onexit
0x1410dd7bc _setjmp
0x1410dd7c4 _strdup
0x1410dd7cc _ultoa
0x1410dd7d4 _unlock
0x1410dd7dc abort
0x1410dd7e4 calloc
0x1410dd7ec exit
0x1410dd7f4 fprintf
0x1410dd7fc fputc
0x1410dd804 free
0x1410dd80c fwrite
0x1410dd814 localeconv
0x1410dd81c longjmp
0x1410dd824 malloc
0x1410dd82c memcpy
0x1410dd834 memmove
0x1410dd83c memset
0x1410dd844 printf
0x1410dd84c realloc
0x1410dd854 signal
0x1410dd85c strerror
0x1410dd864 strlen
0x1410dd86c strncmp
0x1410dd874 vfprintf
0x1410dd87c wcslen
EAT(Export Address Table) Library
0x1410da320 _cgo_dummy_export