SHA256: 1991a2020364da91c9ae3240909db7b1422efd43d1391eec1fa8774926f28b31
File name: 10340a377.exe
Detection ratio: 42 / 56
Analysis date: 2015-07-23 21:16:54 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2457215 20150723
Yandex Backdoor.Mokes! 20150723
AhnLab-V3 Trojan/Win32.MDA 20150723
ALYac Trojan.GenericKD.2457215 20150723
Arcabit Trojan.Generic.D257E7F 20150723
Avast Win32:Sharik-H [Trj] 20150723
AVG Crypt4.ANQI 20150723
Avira (no cloud) TR/Dropper.A.39939 20150723
AVware Trojan.Win32.Generic!BT 20150723
Baidu-International Backdoor.Win32.Mokes.vlg 20150723
BitDefender Trojan.GenericKD.2457215 20150723
Bkav W32.BackdoorMokes.Trojan 20150723
CAT-QuickHeal Trojan.Dynamer.A4 20150722
Cyren W32/Trojan.CLDB-1062 20150723
Emsisoft Trojan.GenericKD.2457215 (B) 20150723
ESET-NOD32 a variant of Win32/Kryptik.DKGO 20150723
F-Prot W32/Agent.XL.gen!Eldorado 20150723
F-Secure Trojan.GenericKD.2457215 20150723
Fortinet W32/Kryptik.DNJA!tr 20150723
GData Trojan.GenericKD.2457215 20150723
Ikarus Trojan.Win32.Crypt 20150723
Jiangmin Trojan/Generic.byiih 20150723
K7AntiVirus Trojan ( 004c428e1 ) 20150723
K7GW Trojan ( 004c428e1 ) 20150723
Kaspersky HEUR:Trojan.Win32.Generic 20150723
Malwarebytes Backdoor.Bot 20150723
McAfee Trojan-FGPA!C2706D8B8306 20150723
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20150723
Microsoft Trojan:Win32/Lethic.B 20150723
eScan Trojan.GenericKD.2457215 20150723
NANO-Antivirus Trojan.Win32.Mokes.dsnhrd 20150723
nProtect Trojan.GenericKD.2457215 20150723
Panda Trj/Genetic.gen 20150723
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150723
Rising PE:Trojan.Win32.Generic.18DA05AC!416941484 20150722
Sophos AV Mal/Wonton-BB 20150723
SUPERAntiSpyware Trojan.Agent/Gen-Crypt 20150723
Symantec Backdoor.Trojan 20150723
Tencent Win32.Backdoor.Mokes.Swua 20150723
TrendMicro TROJ_GEN.R021C0DF815 20150723
VIPRE Trojan.Win32.Generic!BT 20150723
Zillya Trojan.Kryptik.Win32.756025 20150723
AegisLab 20150723
Alibaba 20150723
Antiy-AVL 20150723
ByteHero 20150723
ClamAV 20150723
Comodo 20150723
DrWeb 20150723
Kingsoft 20150723
TheHacker 20150723
TotalDefense 20150723
TrendMicro-HouseCall 20150723
VBA32 20150723
ViRobot 20150723
Zoner 20150723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher TrueCrypt Foundation
Product TrueCrypt
Original name TrueCrypt.exe
File version 7.1a
Description TrueCrypt
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-01 19:39:18
Entry Point 0x0001973F
Number of sections 3
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyA
OpenBackupEventLogA
RegQueryValueExW
GetFileSecurityW
AddAuditAccessObjectAce
OpenProcessToken
DeregisterEventSource
GetKernelObjectSecurity
DuplicateToken
RegEnumKeyW
SetFileSecurityW
RegisterEventSourceA
SetTokenInformation
RegOpenKeyW
LookupAccountNameW
RegOpenKeyExA
RegQueryValueW
GetTokenInformation
DuplicateTokenEx
GetUserNameW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
GetUserNameA
GetLengthSid
CreateProcessAsUserW
RegEnumValueW
RegSetValueExW
EqualSid
AllocateLocallyUniqueId
ReportEventA
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
GetNearestColor
GetPaletteEntries
CombineRgn
PlayMetaFile
GetROP2
GetViewportOrgEx
GetObjectType
CreateMetaFileW
SetColorAdjustment
GetBoundsRect
SetLayout
SetPixel
SetWorldTransform
SetPixelV
DeleteObject
IntersectClipRect
CloseMetaFile
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
GetColorSpace
GetTextFaceW
CreatePalette
CreateDIBitmap
GetPolyFillMode
GetDIBits
SetTextAlign
StretchBlt
StretchDIBits
ScaleViewportExtEx
ArcTo
SetICMMode
SetWindowExtEx
ExtCreatePen
SetBkColor
GetBkColor
SetRectRgn
GetTextCharsetInfo
TextOutW
CreateFontIndirectW
GetClipBox
GetCurrentPositionEx
CreateRectRgnIndirect
LPtoDP
ColorMatchToTarget
GetPixel
GetLayout
PolyDraw
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
EnumFontFamiliesW
PtInRegion
OffsetClipRgn
BitBlt
GetObjectA
FillRgn
SetAbortProc
FrameRgn
CreateBrushIndirect
ScaleWindowExtEx
PtVisible
GetLogColorSpaceW
ExtSelectClipRgn
SetViewportOrgEx
SelectPalette
SetROP2
EndPage
AbortDoc
GetNearestPaletteIndex
SetDIBColorTable
CancelDC
GetTextColor
Escape
BeginPath
SetViewportExtEx
SelectClipPath
SetGraphicsMode
PlayMetaFileRecord
GetWindowExtEx
PatBlt
CreatePen
AddFontResourceW
SetStretchBltMode
Rectangle
PolylineTo
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
EndDoc
GetMapMode
GetSystemPaletteEntries
EnumMetaFile
StartPage
GetObjectW
CreateDCW
RealizePalette
CreateHatchBrush
CreatePatternBrush
OffsetRgn
ExtTextOutW
SetPaletteEntries
CreateBitmap
RectVisible
GetStockObject
GetBkMode
GdiFlush
SelectClipRgn
RoundRect
GetTextAlign
SetWindowOrgEx
SelectObject
GetViewportExtEx
SetTextCharacterExtra
GetTextExtentPoint32W
CreateDIBPatternBrushPt
CreatePolygonRgn
Polygon
GetRgnBox
SaveDC
ModifyWorldTransform
RestoreDC
GetBitmapBits
SetMapperFlags
GetStretchBltMode
SetDIBitsToDevice
GdiAlphaBlend
SetTextColor
ExtFloodFill
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
CreateDIBSection
GetCharWidthW
SetArcDirection
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
CreateFontW
Chord
SetBrushOrgEx
CreateRectRgn
GetClipRgn
SetPolyFillMode
CopyMetaFileW
Ellipse
SetTextJustification
AddFontResourceExW
CreateSolidBrush
Polyline
DPtoLP
StartDocW
CreateCompatibleBitmap
DeleteMetaFile
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetDefaultCommConfigW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
CompareStringW
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCommandLineA
CloseHandle
TlsFree
GetCurrentThread
SetStdHandle
SetFilePointer
RaiseException
InterlockedDecrement
CreateSemaphoreA
GetCPInfo
VirtualLock
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
EnumResourceLanguagesW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
VirtualFree
SetConsoleActiveScreenBuffer
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetProcAddress
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
DragQueryFileW
SHBrowseForFolderW
DragQueryFileA
ExtractIconW
Shell_NotifyIconA
ShellExecuteExA
SHCreateDirectoryExW
SHGetPathFromIDListW
FindExecutableW
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetFolderPathW
SHAddToRecentDocs
DragFinish
ExtractIconExA
ShellExecuteW
ExtractIconExW
SHGetSpecialFolderLocation
SHAppBarMessage
CommandLineToArgvW
GetUserObjectInformationW
IntersectRect
SetMenuItemBitmaps
CreateIcon
ChangeDisplaySettingsA
MapVirtualKeyExW
GetComboBoxInfo
ToUnicodeEx
DdeCreateStringHandleA
InsertMenuItemW
PostMessageA
MessageBoxA
IsMenu
RegisterDeviceNotificationW
GetProcessWindowStation
GetScrollInfo
GetMenuBarInfo
ReleaseDC
MenuItemFromPoint
GetIconInfo
SetParent
UnpackDDElParam
SetCursorPos
BringWindowToTop
IsCharLowerW
CallNextHookEx
GetDCEx
GetKeyboardState
GetKeyboardLayout
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSystemMenu
ReuseDDElParam
LoadAcceleratorsW
IsChild
TranslateAcceleratorW
Number of PE resources by type
HEADER 2
RT_MANIFEST 1
RT_VERSION 1
RT_HTML 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
MALAY MALAYSIA 1
PE resources
ExifTool file metadata
LegalTrademarks TrueCrypt
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 50688
EntryPoint 0x1973f
OriginalFileName TrueCrypt.exe
MIMEType application/octet-stream
FileVersion 7.1a
TimeStamp 2015:06:01 20:39:18+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 7.1a
FileDescription TrueCrypt
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TrueCrypt Foundation
CodeSize 185344
ProductName TrueCrypt
ProductVersionNumber 7.1.1.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c2706d8b83068fc2b43f76cf2c473d19
SHA1 d11675e2c2acc059883f3dae3c3116b57ad605e9
SHA256 1991a2020364da91c9ae3240909db7b1422efd43d1391eec1fa8774926f28b31
ssdeep 3072:AgAg0FuA0XMmu88eED4rqy5L6kWn8hnJXnG2JasZyPpKYH:AgAOAwrBvPtvbXnGaZa

authentihash 18da11db59022fa3f4577495936cd7542474d4795acbbfc0fbdce37f67d85228
imphash 61112760e86f98a1e3134e903e501456
File size 231.5 KB ( 237056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2015-06-01 20:25:51 UTC ( 3 years, 8 months ago )
Last submission 2015-06-01 20:25:51 UTC ( 3 years, 8 months ago )
File names 10340a377.exe
TrueCrypt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Moved files
Code injections in the following processes
Created mutexes
Runtime DLLs