TrueCrypt_RRzIAf.exe

First submission 2024-02-09 16:24:02

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 3656.0 KB (3743744 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 9f6c76c41673975e5a7ca8cfa4adc060
SHA1: da59eb3da2c75466a593668fb333626e68c1ade0
SHA256: 723e02077f56cfc3175c32101f7330e8556a86bcc9f0cc163e4d70ca14a74c43
Import Hash: 5929190c8765f5bc37b052ab5c6c53e7
Sections 12 .text .data .rdata .pdata .xdata .bss .edata .idata .CRT .tls .rsrc .reloc
Directories 5 import export resource tls relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://transfer.sh/get/wgoKJnDoPF/TrueCrypt_RRzIAf.exe transfer.sh 2024-02-09 16:24:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1028f0 1059328 e9e3588c80d4db2f538d98e0a960224ae350311e b5fdd340703b9cd2cd5c8004340ac798
.data 0x104000 0x18390 99328 e74ce111e76ea2e37d5c01590e4b695594fb57a3 8727aca42fe975901970dc5aeddea605
.rdata 0x11d000 0x268490 2524672 93746bf39dbbf4fbc9364f26bc1d4b334591ada5 3ad7445727b128edc5ac70aaaf018589
.pdata 0x386000 0x6570 26112 0fbac497d966e7b8e9d1e0d26546fd303f11a128 7909d691c9b76977ab7adf2eaf42b1bc
.xdata 0x38d000 0xc38 3584 0bc96d0f292537d2bb2adb76e47b599fb21475f9 60994130af7a8db2e7925c37ee253229
.bss 0x38e000 0x58540 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.edata 0x3e7000 0x4e 512 1a5b87b02f2a2e7aa61dd7754de220caa706fe42 325f50be10c2ee71835ef686e100337a
.idata 0x3e8000 0x13d0 5120 a217dce98f8e5a1a89f486f81f798d5e78d80025 45ac72c7de8a6332e558ae9a41daa123
.CRT 0x3ea000 0x70 512 c12a71223e3d8f6225b89bbc8e3d614e153d402d ce1c6be4862ef665e290b9ea49e45f32
.tls 0x3eb000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x3ec000 0x11c9 4608 2aac1b80d7c94dceb3e88098ac27ab018edf5dda 1140c58883501fdec680d0abd88ac4a1
.reloc 0x3ee000 0x473c 18432 6d797ef6c12ae0e1b093dfacddb1a800860e32c3 594ab817ee6bce2bce45dd541fd695eb

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x3ec13c 2195
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x3ec9d0 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x3ec9e4 888
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x3ecd5c 1133

Meta infos 13

LegalCopyright:
InternalName:
FileVersion: 21.15.20.0
FileDescription: for Windows
SpecialBuild:
CompanyName: The Development Community
LegalTrademarks:
Comments: This was built with Inno Setup.
ProductName: 2.55.0.windows.2
ProductVersion: 52.45.0.windows.2
PrivateBuild:
Translation: 0x0409 0x04b0
OriginalFilename:

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 4

GetLastError
IsDebuggerPresent
OutputDebugStringA
RaiseException

Strings analysis - File found

Library
WINMM.dll
ntdll.dll
WS2_32.dll
bcryptprimitives.dll
Powrprof.dll
KERNEL32.dll
MSVCRT.dll

Strings analysis - Possible URLs found 2

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings

PE Exports 1 suspicious

Function Address
_cgo_dummy_export 0x1403e5770

Name Latest seen MD5
BEST-13-12-2023v1.exe 2023-12-13 18:13:04 4bc1bd277770c8da36c5d31968a0e977
test2.exe 2024-01-08 06:23:02 037949445f001bdf36221ac7706d6c08
322321.exe 2024-01-22 14:51:02 b1087aa5a1a538d7ee3bd9c3b774bb38
TrueCrypt_JfDCWj.exe 2024-01-10 05:52:02 8f655252551741b4cf59d00b32b43839
Setup.exe 2024-01-10 06:32:02 76d605139bbe5e8f135c8b5949758145
125.exe 2024-01-11 03:26:03 6e6daa196cfdcfd8f2481d230b0e8abe
photo.jpg 2024-01-11 04:52:02 360bab4dd905795e1f6d8e6dff02444b
image2.jpg 2024-01-14 12:13:03 33d080070ac3e6eb0957d2bd5a96725f
logo4.jpg 2024-01-16 22:11:02 5a56ed15402941ec11c3fd3b278d23bd
cryppp.exe 2024-01-17 20:52:02 a95b7d1ef3c4f8932fa97c287dd54c70
Machinegggg.exe 2024-01-28 05:03:02 8b8c6376bb40d5bd505d1ae0deee9d2c
TrueCrypt_NKwtUN.exe 2024-01-24 16:43:05 39f80737377063d3707ee4cca86f1178
TrueCrypt_NyNIUi.exe 2024-01-25 14:05:03 103b8f2dfacb5d9fac830f710c031f22
o3.exe 2024-01-30 12:22:05 a0ad541b6b14f43ba14405684a97f3a8
o3tech.exe 2024-02-02 01:29:03 ce588fbb745992adf637104433d1143c
d.exe 2024-02-03 06:01:04 1d5694669b0c9b54fff8ae7e8cbef468
Itkool-Setup.exe 2024-02-04 15:21:05 c47e12a1fec39e4f1a120a13e5c35c30