SHA256: 125861730c2b28e6af2bb640b162bd5118b2e80f2456bdca24a1e18e4f40fbc7
File name: csrss.exe
Detection ratio: 24 / 47
Analysis date: 2013-11-20 04:54:20 UTC ( 5 years, 6 months ago )
Antivirus               Result                                      Update
AhnLab-V3               Backdoor/Win32.Zegost                       20131119
AntiVir                 TR/Farfli.akt.2                             20131119
Avast                   Win32:Zegost-X [Trj]                        20131120
AVG                     BackDoor.Generic_r.EKW                      20131120
Baidu-International     Trojan.Win32.Farfli.AKT                     20131119
BitDefender             Trojan.GenericKD.1410029                    20131120
Comodo                  TrojWare.Win32.Zegost.INC                   20131120
DrWeb                   BackDoor.Spy.422                            20131120
Emsisoft                Trojan.Win32.Farfli (A)                     20131120
ESET-NOD32              a variant of Win32/Farfli.AKT               20131120
F-Secure                Trojan.GenericKD.1410029                    20131120
GData                   Trojan.GenericKD.1410029                    20131120
Ikarus                  Backdoor.Win32.Zegost                       20131120
Jiangmin                Heur:Backdoor/Ghost                         20131120
Kaspersky               HEUR:Trojan.Win32.Generic                   20131119
Kingsoft                Win32.Troj.Undef.(kcloud)                   20130829
Malwarebytes            Trojan.Agent                                20131120
McAfee                  Artemis!221BDA8B150E                        20131120
McAfee-GW-Edition       Heuristic.BehavesLike.Win32.Suspicious.H    20131119
eScan                   Trojan.GenericKD.1410029                    20131120
Panda                   Suspicious file                             20131119
Sophos AV               Mal/Generic-S                               20131120
TrendMicro-HouseCall    TROJ_GEN.F47V1119                           20131120
VBA32                   BScope.P2P-Worm.Palevo                      20131119
Yandex                  (no detection)                              20131119
Antiy-AVL               (no detection)                              20131119
Bkav                    (no detection)                              20131119
ByteHero                (no detection)                              20131118
CAT-QuickHeal           (no detection)                              20131120
ClamAV                  (no detection)                              20131120
Commtouch               (no detection)                              20131120
F-Prot                  (no detection)                              20131120
Fortinet                (no detection)                              20131120
K7AntiVirus             (no detection)                              20131119
K7GW                    (no detection)                              20131119
Microsoft               (no detection)                              20131120
NANO-Antivirus          (no detection)                              20131120
Norman                  (no detection)                              20131119
nProtect                (no detection)                              20131119
Rising                  (no detection)                              20131120
SUPERAntiSpyware        (no detection)                              20131119
Symantec                (no detection)                              20131120
TheHacker               (no detection)                              20131119
TotalDefense            (no detection)                              20131119
TrendMicro              (no detection)                              20131120
VIPRE                   (no detection)                              20131120
ViRobot                 (no detection)                              20131120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 360.cn Inc. All Rights Reserved.
Publisher 360.cn
Product 360 Safe Guard
Original name 360leakfixer.exe
Internal name 360leakfixer.exe
File version 2, 1, 0, 1016
Description 360 Vulnerability Patcher
Comments http://www.360.cn
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-18 07:20:23
Entry Point 0x0001A75F
Number of sections 4
PE sections
PE imports (grouped by importing library; the library names below are inferred from the well-known export sets of each group and were not present in the extracted page)
ADVAPI32.dll
RegDeleteKeyA
CloseServiceHandle
RegOpenKeyA
GetUserNameA
OpenProcessToken
OpenServiceA
CloseEventLog
QueryServiceStatus
RegOpenKeyExA
OpenEventLogA
LookupAccountSidA
RegSetValueExA
ControlService
StartServiceA
AbortSystemShutdownA
GetTokenInformation
DeleteService
ClearEventLogA
RegCloseKey
OpenSCManagerA
GDI32.dll
DeleteDC
SelectObject
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
CreateToolhelp32Snapshot
GetLastError
GetEnvironmentVariableA
LocalReAlloc
EnterCriticalSection
lstrcatA
GetSystemInfo
lstrlenA
lstrcmpiA
WaitForSingleObject
SetEvent
GetTickCount
GetVersionExA
InterlockedExchange
lstrcpyW
GetModuleFileNameA
LoadLibraryA
GetLocalTime
CreateRemoteThread
DeleteCriticalSection
GetStartupInfoA
GetDriveTypeA
SetThreadPriority
GetFileSize
Process32First
DeleteFileA
GetWindowsDirectoryA
Module32First
MultiByteToWideChar
WinExec
OpenProcess
GetProcAddress
TerminateThread
CancelIo
GetCurrentThread
SetPriorityClass
CreateMutexA
GetModuleHandleA
GetTempPathA
RaiseException
GetShortPathNameA
CreateThread
GetFileAttributesA
SetFilePointer
ReadFile
Module32Next
lstrcpyA
GetCurrentProcess
ResetEvent
GlobalMemoryStatusEx
GetSystemDirectoryA
MoveFileExA
OutputDebugStringA
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetDiskFreeSpaceExA
ResumeThread
CreateProcessA
LocalSize
WideCharToMultiByte
InitializeCriticalSection
VirtualFree
CreateEventA
Sleep
LeaveCriticalSection
CreateFileA
GetCurrentThreadId
OpenEventA
VirtualAlloc
LocalAlloc
CloseHandle
MSVCP60.dll (VC6 C++ runtime, consistent with LinkerVersion 6.0; names are MSVC-decorated std::basic_string members)
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Xran@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
MSVCRT.dll
strncmp
__p__fmode
malloc
__CxxFrameHandler
_ftol
strncat
??1type_info@@UAE@XZ
strncpy
_strrev
_acmdln
_errno
??2@YAPAXI@Z
_mbscmp
wcslen
exit
_XcptFilter
realloc
strrchr
__setusermatherr
rand
_adjust_fdiv
sprintf
_except_handler3
_CxxThrowException
_exit
__p__commode
??3@YAXPAX@Z
_strcmpi
free
ceil
atoi
_mbsstr
atol
__getmainargs
calloc
_controlfp
memmove
mbstowcs
wcstombs
strchr
wcscpy
_beginthreadex
_snprintf
_strnicmp
_initterm
_iob
__set_app_type
MSVFW32.dll (Video for Windows compressor API)
ICClose
ICSendMessage
ICSeqCompressFrameStart
ICCompressorFree
ICOpen
ICSeqCompressFrame
ICSeqCompressFrameEnd
NETAPI32.dll
NetUserGetLocalGroups
NetUserSetInfo
NetUserAdd
NetUserGetInfo
NetLocalGroupAddMembers
NetApiBufferFree
NetUserDel
NetUserEnum
USER32.dll
EmptyClipboard
OpenInputDesktop
GetCursorInfo
EnumWindows
GetUserObjectInformationA
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
MessageBoxA
DestroyCursor
SetThreadDesktop
GetKeyState
GetAsyncKeyState
ReleaseDC
IsWindowVisible
SendMessageA
CloseClipboard
GetThreadDesktop
SetRect
wsprintfA
CreateWindowExA
LoadCursorA
CloseDesktop
GetWindowTextA
OpenClipboard
WININET.dll
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
WTSAPI32.dll
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSLogoffSession
WTSDisconnectSession
IPHLPAPI.DLL
GetIfTable
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription 360 Vulnerability Patcher
Comments http://www.360.cn
LinkerVersion 6.0
ImageVersion 0.0
ProductName 360 Safe Guard
FileVersionNumber 2.1.0.1016
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 49152
FileTypeExtension exe
OriginalFileName 360leakfixer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2, 1, 0, 1016
TimeStamp 2013:11:18 08:20:23+01:00
FileType Win32 EXE
PEType PE32
InternalName 360leakfixer.exe
SubsystemVersion 4.0
ProductVersion 2, 1, 0, 1016
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright (C) 360.cn Inc. All Rights Reserved.
MachineType Intel 386 or later, and compatibles
CompanyName 360.cn
CodeSize 110592
FileSubtype 0
ProductVersionNumber 2.1.0.1016
EntryPoint 0x1a75f
ObjectFileType Dynamic link library
File identification
MD5 221bda8b150e4af42dd862a25c34bfd4
SHA1 a64726744bc9b9ab955331f96b59ddc7d4cc3e05
SHA256 125861730c2b28e6af2bb640b162bd5118b2e80f2456bdca24a1e18e4f40fbc7
ssdeep 3072:46MCqObyQhP+HuLuEaPQSR0mXlgecslOL:vMHO5hk4hrSu6lFcslO
authentihash 24e662a631c7e8216b2c9b3009ef40220f0cb40558e50be90ccfda7be51032e5
imphash 17d5bf50b2243914333fecd06ab8add2
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-11-19 06:15:27 UTC ( 5 years, 6 months ago )
Last submission 2013-11-23 11:16:50 UTC ( 5 years, 6 months ago )
File names
  rqrqrqrqrqcsrss.exe
  aa
  csrss.exe
  360leakfixer.exe
  228e1f6b7bdd1fd1b94663e7e2e13820ae78345f
  _DIJ.sys
  sla5S4cMIg.mht
  rqrqrqrqcsrss.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight