ScreenShot
| Created | 2023.11.20 09:47 | Machine | s1_win7_x6401 |
| Filename | TrueCrypt_vlBfql.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 35 detected (AIDetectMalware, tstV, malicious, moderate confidence, Artemis, Vrza, Attribute, HighConfidence, a variant of WinGo, Kryptik, ezcx, kdtnvk, Mjgl, hopmz, KillProc2, SMOKELOADER, YXDKQZ, Detected, ABRisk, ZTOJ, Redline, WKZN5H, score, R621603, unsafe, Chgt, PossibleThreat) | ||
| md5 | 9bbdc08c91d9231f3508b97d8775e923 | ||
| sha256 | 16c61a49974e3e90f1c0514b86cdb70e4464ef0aa1620ee18d30233985ebcbd9 | ||
| ssdeep | 98304:W6nN55/QsY3Jphmt6PaB2//cDo49DctkfFG/3s0OCwEz+ni2YJ5j91Uo:Ww7dfYC6741FGz+ry | ||
| imphash | b2e121c8fb86c781c89c83ffff7fe337 | ||
| impfuzzy | 48:qJrK1QxMCy9cmVKeFR+2F42xQHpdXiX1PJOmSplTJGfYJ861k1vcqTjz:qJeCxMCyamXRHF42xQHPXiX1Pgb7TJGh | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x141066464 AddAtomA
0x14106646c AddVectoredExceptionHandler
0x141066474 CloseHandle
0x14106647c CreateEventA
0x141066484 CreateFileA
0x14106648c CreateIoCompletionPort
0x141066494 CreateMutexA
0x14106649c CreateSemaphoreA
0x1410664a4 CreateThread
0x1410664ac CreateWaitableTimerA
0x1410664b4 CreateWaitableTimerExW
0x1410664bc DeleteAtom
0x1410664c4 DeleteCriticalSection
0x1410664cc DuplicateHandle
0x1410664d4 EnterCriticalSection
0x1410664dc ExitProcess
0x1410664e4 FindAtomA
0x1410664ec FormatMessageA
0x1410664f4 FreeEnvironmentStringsW
0x1410664fc GetAtomNameA
0x141066504 GetConsoleMode
0x14106650c GetCurrentProcess
0x141066514 GetCurrentProcessId
0x14106651c GetCurrentThread
0x141066524 GetCurrentThreadId
0x14106652c GetEnvironmentStringsW
0x141066534 GetHandleInformation
0x14106653c GetLastError
0x141066544 GetProcAddress
0x14106654c GetProcessAffinityMask
0x141066554 GetQueuedCompletionStatusEx
0x14106655c GetStartupInfoA
0x141066564 GetStdHandle
0x14106656c GetSystemDirectoryA
0x141066574 GetSystemInfo
0x14106657c GetSystemTimeAsFileTime
0x141066584 GetThreadContext
0x14106658c GetThreadPriority
0x141066594 GetTickCount
0x14106659c InitializeCriticalSection
0x1410665a4 IsDBCSLeadByteEx
0x1410665ac IsDebuggerPresent
0x1410665b4 LeaveCriticalSection
0x1410665bc LoadLibraryA
0x1410665c4 LoadLibraryW
0x1410665cc LocalFree
0x1410665d4 MultiByteToWideChar
0x1410665dc OpenProcess
0x1410665e4 OutputDebugStringA
0x1410665ec PostQueuedCompletionStatus
0x1410665f4 QueryPerformanceCounter
0x1410665fc QueryPerformanceFrequency
0x141066604 RaiseException
0x14106660c ReleaseMutex
0x141066614 ReleaseSemaphore
0x14106661c RemoveVectoredExceptionHandler
0x141066624 ResetEvent
0x14106662c ResumeThread
0x141066634 SetConsoleCtrlHandler
0x14106663c SetErrorMode
0x141066644 SetEvent
0x14106664c SetLastError
0x141066654 SetProcessAffinityMask
0x14106665c SetProcessPriorityBoost
0x141066664 SetThreadContext
0x14106666c SetThreadPriority
0x141066674 SetUnhandledExceptionFilter
0x14106667c SetWaitableTimer
0x141066684 Sleep
0x14106668c SuspendThread
0x141066694 SwitchToThread
0x14106669c TlsAlloc
0x1410666a4 TlsGetValue
0x1410666ac TlsSetValue
0x1410666b4 TryEnterCriticalSection
0x1410666bc VirtualAlloc
0x1410666c4 VirtualFree
0x1410666cc VirtualProtect
0x1410666d4 VirtualQuery
0x1410666dc WaitForMultipleObjects
0x1410666e4 WaitForSingleObject
0x1410666ec WideCharToMultiByte
0x1410666f4 WriteConsoleW
0x1410666fc WriteFile
0x141066704 __C_specific_handler
msvcrt.dll
0x141066714 ___lc_codepage_func
0x14106671c ___mb_cur_max_func
0x141066724 __getmainargs
0x14106672c __initenv
0x141066734 __iob_func
0x14106673c __lconv_init
0x141066744 __set_app_type
0x14106674c __setusermatherr
0x141066754 _acmdln
0x14106675c _amsg_exit
0x141066764 _beginthread
0x14106676c _beginthreadex
0x141066774 _cexit
0x14106677c _commode
0x141066784 _endthreadex
0x14106678c _errno
0x141066794 _fmode
0x14106679c _initterm
0x1410667a4 _lock
0x1410667ac _memccpy
0x1410667b4 _onexit
0x1410667bc _setjmp
0x1410667c4 _strdup
0x1410667cc _ultoa
0x1410667d4 _unlock
0x1410667dc abort
0x1410667e4 calloc
0x1410667ec exit
0x1410667f4 fprintf
0x1410667fc fputc
0x141066804 free
0x14106680c fwrite
0x141066814 localeconv
0x14106681c longjmp
0x141066824 malloc
0x14106682c memcpy
0x141066834 memmove
0x14106683c memset
0x141066844 printf
0x14106684c realloc
0x141066854 signal
0x14106685c strerror
0x141066864 strlen
0x14106686c strncmp
0x141066874 vfprintf
0x14106687c wcslen
EAT(Export Address Table) Library
0x141063260 _cgo_dummy_export
KERNEL32.dll
0x141066464 AddAtomA
0x14106646c AddVectoredExceptionHandler
0x141066474 CloseHandle
0x14106647c CreateEventA
0x141066484 CreateFileA
0x14106648c CreateIoCompletionPort
0x141066494 CreateMutexA
0x14106649c CreateSemaphoreA
0x1410664a4 CreateThread
0x1410664ac CreateWaitableTimerA
0x1410664b4 CreateWaitableTimerExW
0x1410664bc DeleteAtom
0x1410664c4 DeleteCriticalSection
0x1410664cc DuplicateHandle
0x1410664d4 EnterCriticalSection
0x1410664dc ExitProcess
0x1410664e4 FindAtomA
0x1410664ec FormatMessageA
0x1410664f4 FreeEnvironmentStringsW
0x1410664fc GetAtomNameA
0x141066504 GetConsoleMode
0x14106650c GetCurrentProcess
0x141066514 GetCurrentProcessId
0x14106651c GetCurrentThread
0x141066524 GetCurrentThreadId
0x14106652c GetEnvironmentStringsW
0x141066534 GetHandleInformation
0x14106653c GetLastError
0x141066544 GetProcAddress
0x14106654c GetProcessAffinityMask
0x141066554 GetQueuedCompletionStatusEx
0x14106655c GetStartupInfoA
0x141066564 GetStdHandle
0x14106656c GetSystemDirectoryA
0x141066574 GetSystemInfo
0x14106657c GetSystemTimeAsFileTime
0x141066584 GetThreadContext
0x14106658c GetThreadPriority
0x141066594 GetTickCount
0x14106659c InitializeCriticalSection
0x1410665a4 IsDBCSLeadByteEx
0x1410665ac IsDebuggerPresent
0x1410665b4 LeaveCriticalSection
0x1410665bc LoadLibraryA
0x1410665c4 LoadLibraryW
0x1410665cc LocalFree
0x1410665d4 MultiByteToWideChar
0x1410665dc OpenProcess
0x1410665e4 OutputDebugStringA
0x1410665ec PostQueuedCompletionStatus
0x1410665f4 QueryPerformanceCounter
0x1410665fc QueryPerformanceFrequency
0x141066604 RaiseException
0x14106660c ReleaseMutex
0x141066614 ReleaseSemaphore
0x14106661c RemoveVectoredExceptionHandler
0x141066624 ResetEvent
0x14106662c ResumeThread
0x141066634 SetConsoleCtrlHandler
0x14106663c SetErrorMode
0x141066644 SetEvent
0x14106664c SetLastError
0x141066654 SetProcessAffinityMask
0x14106665c SetProcessPriorityBoost
0x141066664 SetThreadContext
0x14106666c SetThreadPriority
0x141066674 SetUnhandledExceptionFilter
0x14106667c SetWaitableTimer
0x141066684 Sleep
0x14106668c SuspendThread
0x141066694 SwitchToThread
0x14106669c TlsAlloc
0x1410666a4 TlsGetValue
0x1410666ac TlsSetValue
0x1410666b4 TryEnterCriticalSection
0x1410666bc VirtualAlloc
0x1410666c4 VirtualFree
0x1410666cc VirtualProtect
0x1410666d4 VirtualQuery
0x1410666dc WaitForMultipleObjects
0x1410666e4 WaitForSingleObject
0x1410666ec WideCharToMultiByte
0x1410666f4 WriteConsoleW
0x1410666fc WriteFile
0x141066704 __C_specific_handler
msvcrt.dll
0x141066714 ___lc_codepage_func
0x14106671c ___mb_cur_max_func
0x141066724 __getmainargs
0x14106672c __initenv
0x141066734 __iob_func
0x14106673c __lconv_init
0x141066744 __set_app_type
0x14106674c __setusermatherr
0x141066754 _acmdln
0x14106675c _amsg_exit
0x141066764 _beginthread
0x14106676c _beginthreadex
0x141066774 _cexit
0x14106677c _commode
0x141066784 _endthreadex
0x14106678c _errno
0x141066794 _fmode
0x14106679c _initterm
0x1410667a4 _lock
0x1410667ac _memccpy
0x1410667b4 _onexit
0x1410667bc _setjmp
0x1410667c4 _strdup
0x1410667cc _ultoa
0x1410667d4 _unlock
0x1410667dc abort
0x1410667e4 calloc
0x1410667ec exit
0x1410667f4 fprintf
0x1410667fc fputc
0x141066804 free
0x14106680c fwrite
0x141066814 localeconv
0x14106681c longjmp
0x141066824 malloc
0x14106682c memcpy
0x141066834 memmove
0x14106683c memset
0x141066844 printf
0x14106684c realloc
0x141066854 signal
0x14106685c strerror
0x141066864 strlen
0x14106686c strncmp
0x141066874 vfprintf
0x14106687c wcslen
EAT(Export Address Table) Library
0x141063260 _cgo_dummy_export