SHA256: 36514a1dcf86b9fe282dc886aab9fd90ccd9bd6fd9426f571f04d445ce86ac8b
File name: csrss.exe
Detection ratio: 4 / 55
Analysis date: 2015-07-13 05:23:46 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu-International HackTool.Win32.Shutdown.AHBM 20150712
Jiangmin Trojan/Delf.pyu 20150710
Symantec WS.Reputation.1 20150713
TheHacker Trojan/Agent.qb 20150713
Ad-Aware 20150713
AegisLab 20150713
Yandex 20150712
AhnLab-V3 20150712
Alibaba 20150713
ALYac 20150713
Antiy-AVL 20150713
Arcabit 20150713
Avast 20150713
AVG 20150713
Avira (no cloud) 20150712
AVware 20150713
BitDefender 20150713
Bkav 20150708
ByteHero 20150713
CAT-QuickHeal 20150712
ClamAV 20150713
Comodo 20150713
Cyren 20150713
DrWeb 20150713
Emsisoft 20150713
ESET-NOD32 20150713
F-Prot 20150713
F-Secure 20150713
Fortinet 20150713
GData 20150713
Ikarus 20150713
K7AntiVirus 20150712
K7GW 20150713
Kaspersky 20150713
Kingsoft 20150713
Malwarebytes 20150712
McAfee 20150713
McAfee-GW-Edition 20150712
Microsoft 20150713
eScan 20150713
NANO-Antivirus 20150713
nProtect 20150710
Panda 20150712
Qihoo-360 20150713
Rising 20150712
Sophos AV 20150713
SUPERAntiSpyware 20150713
Tencent 20150713
TrendMicro 20150713
TrendMicro-HouseCall 20150713
VBA32 20150711
VIPRE 20150713
ViRobot 20150713
Zillya 20150712
Zoner 20150713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright david.soft@yahoo.com
Publisher DRS David Soft
Product DRS - Shut Downer
Original name Bomber
Internal name Bomber
File version 1.0.0.0
Description DRS - Shut Down
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x001EB570
Number of sections 3
PE sections
Overlays
MD5 d67e8c4d48d2814ee0d6741c83e91508
File type data
Offset 659456
Size 1913093
Entropy 7.83
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
DrawDibEnd
RegFlushKey
ImageList_Add
PrintDlgA
SaveDC
OleDraw
VariantCopy
DragFinish
VerQueryValueA
PlaySoundA
OpenPrinterA
Number of PE resources by type
RT_BITMAP 52
RT_STRING 31
RT_RCDATA 17
RT_GROUP_CURSOR 11
RT_CURSOR 11
RT_ICON 4
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
ENGLISH US 54
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 1.0.0.0
UninitializedDataSize 1376256
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 24576
EntryPoint 0x1eb570
MIMEType application/octet-stream
LegalCopyright david.soft@yahoo.com
FileVersion 1.0.0.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Bomber
ProductVersion 1.0.0.0
FileDescription DRS - Shut Down
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName DRS David Soft
CodeSize 638976
FileSubtype 0
ProductVersionNumber 5.6.2.32767
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 239db48e4cdee3f96ccf82d24bb29e72
SHA1 8cbc582944b0c746a154a01b952529dfc3486172
SHA256 36514a1dcf86b9fe282dc886aab9fd90ccd9bd6fd9426f571f04d445ce86ac8b
ssdeep 49152:Nb5aCJZr62jc4jP45CM2GQ+Xfwa1v0avGQuzRtfbNFsSRAcdOz:NsCD9w5lDCjlzRtfbXscdOz
authentihash 4d57d3f11e7468e36e084a5381af88392dfe49cb8e96390309fcde492c755b27
imphash f5a42171c07227920d6a88c514e5709b
File size 2.5 MB ( 2572549 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-05-16 14:57:21 UTC ( 4 years, 6 months ago )
Last submission 2015-07-13 05:23:46 UTC ( 2 years, 4 months ago )
File names Bomber
csrss.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Symantec reputation Suspicious.Insight