SHA256: 44a47144f5889169b6f9891c8438242fbff8540fce9216ad052dde5e1dfc7074
File name: csservice.exe
Detection ratio: 4 / 57
Analysis date: 2016-09-21 19:10:50 UTC ( 2 years, 4 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
ESET-NOD32 a variant of Win32/GenKryptik.EMS 20160921
Sophos ML generic.a 20160917
Symantec Heur.AdvML.B 20160921
Ad-Aware 20160921
AegisLab 20160921
AhnLab-V3 20160921
Alibaba 20160921
ALYac 20160921
Antiy-AVL 20160921
Arcabit 20160921
Avast 20160921
AVG 20160921
Avira (no cloud) 20160921
AVware 20160921
Baidu 20160921
BitDefender 20160921
Bkav 20160921
CAT-QuickHeal 20160921
ClamAV 20160921
CMC 20160921
Comodo 20160921
Cyren 20160921
DrWeb 20160921
Emsisoft 20160921
F-Prot 20160921
F-Secure 20160921
Fortinet 20160921
GData 20160921
Ikarus 20160921
Jiangmin 20160921
K7AntiVirus 20160921
K7GW 20160921
Kaspersky 20160921
Kingsoft 20160921
Malwarebytes 20160921
McAfee 20160921
McAfee-GW-Edition 20160921
Microsoft 20160921
eScan 20160921
NANO-Antivirus 20160921
nProtect 20160921
Panda 20160921
Qihoo-360 20160921
Rising 20160921
Sophos AV 20160921
SUPERAntiSpyware 20160921
Tencent 20160921
TheHacker 20160920
TrendMicro 20160921
TrendMicro-HouseCall 20160921
VBA32 20160921
VIPRE 20160921
ViRobot 20160921
Yandex 20160921
Zillya 20160921
Zoner 20160921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-05 09:32:13
Entry Point 0x0000E5C5
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
GetEnvironmentVariableA
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
WritePrivateProfileSectionW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateSemaphoreA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
GetProcessHeap
InterlockedIncrement
GetTempFileNameA
IsValidLocale
WaitForMultipleObjects
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetShortPathNameA
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
RasEnumConnectionsA
RasGetConnectStatusA
RasHangUpA
WinVerifyTrust
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoSuspendClassObjects
OleCreate
StgCreateDocfile
CoTaskMemFree
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:10:05 10:32:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 8.0
EntryPoint 0xe5c5
InitializedDataSize 360448
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9ba9f48cda9db950feb4fbe10f61353c
SHA1 e6e4a512a0baccf8c92adcde4b300f43c277ed53
SHA256 44a47144f5889169b6f9891c8438242fbff8540fce9216ad052dde5e1dfc7074
ssdeep 3072:zuKdf1uD1vdkGxklByEZy4ywmhlJFeiLKhCBkatLZHgNivpichHW4ARj7I4:zZluRxowBhD9+atLZHgNivQci
authentihash 47c5a89f80f4c59e96b251f95a214dc80ab95219619c02d53c62bc50e11e6b8e
imphash 01e14f85770a9b70ccca8a702cf5f894
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-09-21 19:08:11 UTC ( 2 years, 4 months ago )
Last submission 2017-11-24 05:26:06 UTC ( 1 year, 2 months ago )
File names 44a47144f5889169b6f9891c8438242fbff8540fce9216ad052dde5e1dfc7074.exe
csservice(1).exe
csservice(1).exe.mal
44a47144f5889169b6f9891c8438242fbff8540fce9216ad052dde5e1dfc7074.exe.exe
44a47144f5889169b6f9891c8438242fbff8540fce9216ad052dde5e1dfc7074
csservice.exe
b07636d71168bddd386058ef78972fed3e649e29
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications