SHA256: fa7e73bbc6698e5cff6d63fa4f1beb9e28e6248fd4b11fcc42d5f6f42d1844ad
File name: 06d3dff7f9ebae16fcb75c1053df5a066880c045
Detection ratio: 24 / 51
Analysis date: 2014-03-22 10:57:41 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1612061 20140322
AntiVir TR/Rogue.320200 20140322
AVG Agent.12.O 20140322
Baidu-International Trojan.Win32.Zbot.AHU 20140322
BitDefender Trojan.GenericKD.1612061 20140322
Bkav HW32.CDB.3591 20140322
DrWeb Trojan.Winlock.10644 20140322
Emsisoft Trojan.GenericKD.1612061 (B) 20140322
ESET-NOD32 a variant of Win32/Injector.BAHE 20140322
F-Secure Trojan.GenericKD.1612061 20140322
Fortinet W32/Zbot.RVKR!tr 20140322
GData Trojan.GenericKD.1612061 20140322
Kaspersky Trojan-Spy.Win32.Zbot.rvkr 20140322
Malwarebytes Trojan.Ransom.ED 20140322
McAfee Artemis!54832CE62820 20140322
McAfee-GW-Edition Artemis!54832CE62820 20140322
eScan Trojan.GenericKD.1612061 20140322
Norman Obfuscated_J.PYB 20140322
Panda Generic Malware 20140322
Qihoo-360 Win32/Trojan.91e 20140322
Sophos AV Troj/DwnLdr-LKY 20140322
Symantec Suspicious.Cloud.5 20140322
TrendMicro TROJ_FORUCON.BMC 20140322
VIPRE Trojan.Win32.Generic!BT 20140322
AegisLab 20140322
Yandex 20140321
AhnLab-V3 20140322
Antiy-AVL 20140320
Avast 20140322
ByteHero 20140322
CAT-QuickHeal 20140320
ClamAV 20140322
CMC 20140319
Commtouch 20140322
Comodo 20140322
F-Prot 20140322
Ikarus 20140322
Jiangmin 20140322
K7AntiVirus 20140321
K7GW 20140321
Kingsoft 20140322
Microsoft 20140322
NANO-Antivirus 20140322
nProtect 20140321
Rising 20140321
SUPERAntiSpyware 20140322
TheHacker 20140321
TotalDefense 20140321
TrendMicro-HouseCall 20140322
VBA32 20140321
ViRobot 20140322
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher TrueCrypt Foundation
Product TrueCrypt
Original name TrueCrypt.exe
File version 7.1a
Description TrueCrypt
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-19 22:59:27
Entry Point 0x00003462
Number of sections 5
PE sections
PE imports
GetTextCharsetInfo
GetTextMetricsW
CreateFontIndirectW
AddFontResourceW
ColorMatchToTarget
GetDeviceCaps
TranslateCharsetInfo
LineTo
DeleteDC
CreateDIBPatternBrush
EndDoc
StartPage
DeleteObject
BitBlt
CopyEnhMetaFileA
ExtTextOutW
MoveToEx
GetStockObject
SetTextAlign
CreateCompatibleDC
EndPage
GetTextExtentPoint32W
RemoveFontResourceW
AddFontResourceExW
SelectObject
GetFontData
StartDocW
GetStdHandle
GetFileAttributesA
HeapDestroy
EncodePointer
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
_llseek
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
SetConsoleOutputCP
HeapSetInformation
LoadLibraryExA
GetPrivateProfileStringA
GetCalendarInfoW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
SetFilePointer
_lclose
SetFileAttributesA
GetPrivateProfileSectionA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetProcAddress
_lread
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
lstrcpyA
EnumResourceNamesA
GetTempFileNameA
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateFileW
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetSystemWindowsDirectoryW
GlobalUnlock
GetEnvironmentStringsW
GetTempPathA
IsDBCSLeadByte
WaitForSingleObjectEx
CreateNamedPipeA
GetShortPathNameA
EnumTimeFormatsW
_lwrite
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
EnumResourceTypesA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SetFocus
CharPrevA
SetDlgItemTextA
GetParent
ReleaseDC
CheckRadioButton
ShowWindow
MessageBeep
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
GetTabbedTextExtentA
EnableWindow
UnhookWindowsHookEx
LoadStringA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetWindowLongA
CheckDlgButton
GetDC
SystemParametersInfoA
CheckMenuItem
GetPriorityClipboardFormat
IsWindowVisible
SendMessageA
GetWindowModuleFileNameW
GetDlgItem
CreateDialogParamA
MsgWaitForMultipleObjects
wsprintfA
FlashWindow
IsDlgButtonChecked
CharNextA
CloseDesktop
DispatchMessageA
CallWindowProcA
InsertMenuW
GetMenuItemInfoW
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_VERSION 1
JPEG 1
Number of PE resources by language
NEUTRAL 7
GERMAN SWISS 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 55296
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 262656
FileOS Win32
MIMEType application/octet-stream
FileVersion 7.1a
TimeStamp 2014:03:19 23:59:27+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
FileAccessDate 2014:03:22 12:01:48+01:00
ProductVersion 7.1a
FileDescription TrueCrypt
OSVersion 5.0
FileCreateDate 2014:03:22 12:01:48+01:00
OriginalFilename TrueCrypt.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TrueCrypt Foundation
LegalTrademarks TrueCrypt
ProductName TrueCrypt
ProductVersionNumber 7.1.1.0
EntryPoint 0x3462
ObjectFileType Executable application

File identification
MD5 54832ce62820390794ea367764cbea67
SHA1 04d4b070ac50a9e1c6b43f1e569601074346365a
SHA256 fa7e73bbc6698e5cff6d63fa4f1beb9e28e6248fd4b11fcc42d5f6f42d1844ad
ssdeep 6144:48Tj6WhvlwbINe2Opn+JG6lB/BNYHoPybm9xWh:/Tj6i26lBpiIPr9xe
imphash db90ef39ede933b3daf5041acf6c3295
File size 312.7 KB ( 320200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-03-20 09:23:32 UTC ( 4 years, 8 months ago )
Last submission 2014-03-22 10:57:41 UTC ( 4 years, 8 months ago )
File names TrueCrypt.exe
06d3dff7f9ebae16fcb75c1053df5a066880c045
WindowsSys.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs