SHA256: ceeac092a70a4c81cc56f8c6a4eac759b7ab3b726bd3d00eff759496b268cbb0
File name: TrueCrypt.exe
Detection ratio: 33 / 50
Analysis date: 2014-03-27 10:57:17 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.86635 20140327
Yandex Worm.Ngrbot!WJXejx1ms5g 20140326
AhnLab-V3 Trojan/Win32.Agent 20140327
AntiVir TR/Injector.319689 20140327
Antiy-AVL Worm/Win32.Ngrbot 20140327
Avast Win32:Trojan-gen 20140327
AVG Inject2.WQZ 20140327
Baidu-International Worm.Win32.Ngrbot.AZ 20140327
BitDefender Gen:Variant.Zusy.86635 20140327
Bkav HW32.CDB.8c70 20140327
DrWeb Trojan.Winlock.10644 20140327
Emsisoft Gen:Variant.Zusy.86635 (B) 20140327
ESET-NOD32 a variant of Win32/Injector.BAIN 20140327
F-Secure Gen:Variant.Zusy.86635 20140327
Fortinet W32/Ngrbot.ACGO!worm 20140327
GData Gen:Variant.Zusy.86635 20140327
Ikarus Trojan-Spy.Zbot 20140327
K7AntiVirus Trojan ( 0049738b1 ) 20140326
K7GW Trojan ( 0049738b1 ) 20140326
Kaspersky Worm.Win32.Ngrbot.acgo 20140327
Malwarebytes Trojan.Ransom.ED 20140327
McAfee RDN/Sdbot.worm!by 20140327
McAfee-GW-Edition RDN/Sdbot.worm!by 20140327
Microsoft PWS:Win32/Zbot 20140327
eScan Gen:Variant.Zusy.86635 20140327
NANO-Antivirus Trojan.Win32.Ngrbot.cvpjzh 20140327
Norman Suspicious_Gen4.FZTOY 20140327
Panda Generic Malware 20140327
Sophos AV Troj/Zbot-HYT 20140327
Symantec Suspicious.Cloud.5 20140327
TrendMicro TROJ_GEN.R0CCC0DCN14 20140327
TrendMicro-HouseCall TROJ_GEN.R0CCC0DCN14 20140327
VIPRE Trojan.Win32.Generic!BT 20140326
AegisLab 20140327
ByteHero 20140327
CAT-QuickHeal 20140327
ClamAV 20140327
CMC 20140326
Commtouch 20140327
Comodo 20140327
F-Prot 20140327
Jiangmin 20140327
Kingsoft 20140327
nProtect 20140327
Qihoo-360 20140324
Rising 20140327
SUPERAntiSpyware 20140327
TheHacker 20140327
TotalDefense 20140326
VBA32 20140326
ViRobot 20140327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher TrueCrypt Foundation
Product TrueCrypt
Original name TrueCrypt.exe
File version 7.1a
Description TrueCrypt
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-20 12:02:26
Entry Point 0x00003462
Number of sections 5
PE sections
PE imports
GetTextCharsetInfo
GetTextMetricsW
CreateFontIndirectW
AddFontResourceW
GetDeviceCaps
TranslateCharsetInfo
LineTo
DeleteDC
EndDoc
StartPage
ChoosePixelFormat
CreateDIBPatternBrushPt
ExtTextOutW
MoveToEx
GetStockObject
SetTextAlign
CreateCompatibleDC
DeleteObject
EndPage
CreateColorSpaceA
StartDocW
CloseMetaFile
RemoveFontResourceW
AddFontResourceExW
SelectObject
GetFontData
GetTextExtentPoint32W
GetStdHandle
GetFileAttributesA
HeapDestroy
EncodePointer
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
_llseek
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
WritePrivateProfileStringW
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
HeapSetInformation
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
_lclose
GlobalAddAtomW
SetFileAttributesA
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetProcAddress
_lread
FillConsoleOutputAttribute
lstrcpyW
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
EnumResourceNamesA
GetTempFileNameA
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateFileW
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalUnlock
GetEnvironmentStringsW
GetTempPathA
IsDBCSLeadByte
GetDevicePowerState
GetShortPathNameA
_lwrite
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
EnumResourceTypesA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SetFocus
EmptyClipboard
GetParent
ReleaseDC
CheckRadioButton
ShowWindow
MessageBeep
DrawStateW
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MessageBoxA
GetDlgItemTextA
GetClipboardFormatNameW
PeekMessageA
SetWindowLongA
GetWindowLongA
GetClassWord
GetWindowWord
GetDC
ChildWindowFromPointEx
SendMessageW
LoadStringA
CharPrevA
SendMessageA
GetDlgItem
CharLowerBuffA
wsprintfA
IsClipboardFormatAvailable
LoadImageW
DdeUnaccessData
IsDlgButtonChecked
CharNextA
CheckDlgButton
CallWindowProcA
IsCharUpperW
MsgWaitForMultipleObjects
ScrollWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_VERSION 1
JPEG 1
Number of PE resources by language
NEUTRAL 7
GERMAN SWISS 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 55296
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 262144
FileOS Win32
MIMEType application/octet-stream
FileVersion 7.1a
TimeStamp 2014:03:20 13:02:26+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
FileAccessDate 2014:03:27 11:59:18+01:00
ProductVersion 7.1a
FileDescription TrueCrypt
OSVersion 5.0
FileCreateDate 2014:03:27 11:59:18+01:00
OriginalFilename TrueCrypt.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TrueCrypt Foundation
LegalTrademarks TrueCrypt
ProductName TrueCrypt
ProductVersionNumber 7.1.1.0
EntryPoint 0x3462
ObjectFileType Executable application

Compressed bundles
File identification
MD5 9c0e33f414298ffff7062a6c9ee1474a
SHA1 1e1aa4236d8791dbe31120dc8f197565553ee5ba
SHA256 ceeac092a70a4c81cc56f8c6a4eac759b7ab3b726bd3d00eff759496b268cbb0
ssdeep 6144:DjbTmOhWNGgmka7NFpXO2UXsrSX9snv+xWv:3bTm6WN/KXlOpfX+mxy
imphash 36cdbeab85511c691726dbc7ec1a213c
File size 312.2 KB ( 319689 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-21 11:58:30 UTC ( 4 years, 7 months ago )
Last submission 2014-03-21 11:58:30 UTC ( 4 years, 7 months ago )
File names TrueCrypt.exe
soft_crypt_pUH1V532ad88b2a8a7.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs