SHA256: 60f22165875daf136d3a451460630b31e408cc8dc6be4e6c98c53792bdeee98f
File name: 2165875daf136d3a451460630b31e408cc8dc6be4e6c98c53792bdeee98f.bin
Detection ratio: 15 / 69
Analysis date: 2018-12-11 05:00:40 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Avast FileRepMetagen [Malware] 20181210
AVG FileRepMetagen [Malware] 20181210
Bkav HW32.Packed. 20181210
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.bd671e 20180225
Cylance Unsafe 20181211
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GNDQ!tr 20181211
Kaspersky UDS:DangerousObject.Multi.Generic 20181211
Microsoft Ransom:Win32/Troldesh.A 20181211
Qihoo-360 HEUR/QVM20.1.C94E.Malware.Gen 20181211
SentinelOne (Static ML) static engine - malicious 20181011
Symantec Ransom.Troldesh 20181211
Trapmine malicious.moderate.ml.score 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181210
Engines with no detection (result column empty)
Ad-Aware 20181210
AegisLab 20181210
AhnLab-V3 20181210
Alibaba 20180921
ALYac 20181210
Antiy-AVL 20181210
Arcabit 20181210
Avast-Mobile 20181210
Avira (no cloud) 20181210
Babable 20180918
Baidu 20181207
BitDefender 20181210
CAT-QuickHeal 20181210
ClamAV 20181210
CMC 20181210
Comodo 20181210
Cyren 20181211
DrWeb 20181211
eGambit 20181211
Emsisoft 20181211
ESET-NOD32 20181211
F-Prot 20181211
F-Secure 20181211
GData 20181211
Ikarus 20181211
Sophos ML 20181128
Jiangmin 20181211
K7AntiVirus 20181211
K7GW 20181211
Kingsoft 20181211
Malwarebytes 20181211
MAX 20181211
McAfee 20181211
McAfee-GW-Edition 20181210
eScan 20181211
NANO-Antivirus 20181211
Palo Alto Networks (Known Signatures) 20181211
Panda 20181210
Rising 20181211
Sophos AV 20181211
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181211
Tencent 20181211
TheHacker 20181210
TotalDefense 20181210
TrendMicro 20181211
TrendMicro-HouseCall 20181211
Trustlook 20181211
VBA32 20181210
ViRobot 20181211
Webroot 20181211
Yandex 20181207
Zillya 20181211
Zoner 20181210
The file being studied is a Portable Executable: a Win32 EXE for the Windows GUI subsystem. Of the 15 detections above, only Microsoft (Ransom:Win32/Troldesh.A) and Symantec (Ransom.Troldesh) name a family, Troldesh, also known as Shade ransomware. Fortinet's W32/Kryptik and Bkav's HW32.Packed are packer/crypter verdicts, and the remaining hits are generic, heuristic or machine-learning verdicts with no family attribution. The sample was first submitted about two hours after its compilation timestamp, so the 15/69 ratio is a snapshot of first-day coverage rather than a measure of how malicious the file is.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 6:28 PM 2/28/2019
A signing date is present, so the file carries a signature structure, but it fails verification (invalid, corrupt or forged) and confers no trust. The date is also later than both the analysis date and the last submission, so it cannot be when this sample was signed; treat it as attacker-controlled data. For a binary submitted under the name csrss.exe (see the file names below), a non-verifying signature is a strong triage signal by itself, since the genuine Windows csrss.exe is signed by Microsoft.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-11 02:56:10 (UTC; about two hours before the first submission at 05:00:40 UTC. A fresh build is typical of crypter-wrapped samples, but this field is set at link time and is trivially forged, so it corroborates recency rather than proving it.)
Entry Point 0x000017E0
Number of sections 3
PE sections
Overlays (data appended after the last section's raw data; offset 1097728 + size 3336 = 1101064 bytes, the full file size, so the overlay runs to end of file. 7.33 bits per byte is high, but an overlay of this size could be a PKCS#7 Authenticode blob, which linkers store after the last section, just as easily as appended encrypted data; given the non-verifying signature reported above, check whether the Security data directory points at it before calling it a payload.)
MD5 09ffc2c8db4fbcc9b3c5cc8ce01f80d4
File type data
Offset 1097728
Size 3336
Entropy 7.33
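The overlay fields above (offset, size, entropy) can be reproduced from the raw headers, and the question the caveat raises, whether the overlay is the certificate table or something else, can be settled by reading the Security data directory. The following is an added example, not part of the VirusTotal report or of any VirusTotal tooling: a dependency-free Python PE header walker that computes the overlay offset as the end of the highest section's raw data, reports its Shannon entropy, and checks it against the Security directory. It includes a constructed, non-loadable sample PE (three filler sections; the report's compile timestamp, entry point, SizeOfCode and characteristics) so it runs offline; the section layout, the sample overlay bytes and the helper names are assumptions for the demo.

```python
"""PE header and overlay triage without third-party libraries.

Added example, not part of the VirusTotal report. It walks the PE headers to
recover the fields the report shows (machine, compile timestamp, entry point,
section count), locates the overlay, i.e. bytes after the end of the last
section's raw data, measures its Shannon entropy, and checks whether the
Security data directory (the Authenticode certificate table, which linkers
store after the last section) accounts for it. The sample PE built below is
constructed and not loadable; it reuses the report's timestamp, entry point
and characteristics so the output can be compared with the page.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Header fields, overlay location/entropy and certificate-table check for PE32 or PE32+."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, file_hdr)
    opt_hdr = file_hdr + 20
    magic = struct.unpack_from("<H", blob, opt_hdr)[0]
    entry_point = struct.unpack_from("<I", blob, opt_hdr + 16)[0]  # AddressOfEntryPoint
    # Data directories start at +96 (PE32) or +112 (PE32+); each entry is (VirtualAddress, Size).
    dd_base = opt_hdr + (112 if magic == 0x20B else 96) + 8 * SECURITY_DIR_INDEX
    sec_off, sec_size = (struct.unpack_from("<II", blob, dd_base)
                         if dd_base + 8 <= opt_hdr + opt_size else (0, 0))
    sect_table = opt_hdr + opt_size
    sections, end_of_sections = [], 0
    for i in range(nsect):
        off = sect_table + i * 40  # sizeof(IMAGE_SECTION_HEADER)
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, off + 8)
        sections.append({"name": name, "va": vaddr, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "characteristics": chars,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "entry_point": entry_point,
        "sections": sections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        # The security directory's "VirtualAddress" is a file offset, not an RVA.
        "security_dir": (sec_off, sec_size),
        "overlay_is_cert_table": sec_size > 0 and sec_off == end_of_sections and sec_size == len(overlay),
    }


def build_sample_pe(overlay: bytes, claim_signature: bool = False) -> bytes:
    """Constructed three-section PE32 with filler bodies and the given overlay (demo only)."""
    file_align = 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew: PE signature follows the DOS header
    # IMAGE_FILE_HEADER: i386, 3 sections, the report's compile timestamp, 224-byte optional header,
    # RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE ("No relocs, Executable, 32-bit").
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, 1544496970, 0, 0, 224, 0x0103)
    # IMAGE_OPTIONAL_HEADER32: PE32 magic, linker 9.0, SizeOfCode 7680, entry point 0x17E0.
    opt_hdr = bytearray(struct.pack("<HBBIIIII", 0x10B, 9, 0, 0x1E00, 0x400, 0, 0x17E0, 0x1000).ljust(224, b"\0"))
    struct.pack_into("<I", opt_hdr, 92, 16)  # NumberOfRvaAndSizes
    bodies_end = file_align * 4  # headers + three 0x200-byte sections
    if claim_signature:  # point IMAGE_DIRECTORY_ENTRY_SECURITY at the overlay
        struct.pack_into("<II", opt_hdr, 96 + 8 * SECURITY_DIR_INDEX, bodies_end, len(overlay))
    sect_hdrs, bodies, raw_ptr = b"", b"", file_align
    for i, name in enumerate((b".text", b".rdata", b".data")):
        sect_hdrs += struct.pack("<8sIIIIIIHHI", name, file_align, 0x1000 * (i + 1),
                                 file_align, raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += b"\x90" * file_align
        raw_ptr += file_align
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt_hdr) + sect_hdrs).ljust(file_align, b"\0")
    return headers + bodies + overlay


if __name__ == "__main__":
    # A uniform byte distribution in the overlay gives the maximum 8.0 bits per byte.
    for key, value in parse_pe(build_sample_pe(bytes(range(256)) * 13)).items():
        print(f"{key}: {value}")
```

Against a real file, call parse_pe(open(path, "rb").read()). When overlay_is_cert_table is true, the high-entropy tail is the (possibly invalid) Authenticode blob and says nothing about packing; when the Security directory is empty or points elsewhere, an overlay near 8 bits per byte is compressed or encrypted appended data, and values under about 6 usually turn out to be installer manifests or plain configuration.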
PE imports (grouped by exporting DLL; the DLL labels below are restored from the Windows export tables, as this listing had lost the grouping)
Alongside an import surface typical of an MFC GUI application (USER32, GDI32, OLE32, SHELL32, COMDLG32), the table pulls in exports that ordinary application code almost never calls directly: GdiEntry10, cGetTTFFromFOT, gdiPlaySpoolStream, SelectFontLocal, EngStrokeAndFillPath, CommConfigDialogA, SetSystemPowerState, CreateMailslotA, ShellHookProc, ReuseDDElParam. Together with a 7680-byte code section against about 1 MB of initialized data, that mix is consistent with a crypter stub whose import table was generated to look benign (the Kryptik and HW32.Packed verdicts above), so these imports describe the loader, not the Troldesh payload it unpacks at run time. A few are still worth watching in a sandbox (VirtualAllocEx, VirtualProtect, CreateProcessW, CreateProcessAsUserW, AdjustTokenPrivileges, SetKernelObjectSecurity, SHEmptyRecycleBinW, ExitWindowsEx), but capability claims should come from the unpacked code or observed behaviour, not from this list.
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
MakeAbsoluteSD
RegEnumKeyW
RegOpenKeyW
LookupAccountNameW
RegQueryValueW
GetTokenInformation
GetKernelObjectSecurity
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
OpenThreadToken
CreateProcessAsUserW
SetEntriesInAclW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
EqualSid
SetKernelObjectSecurity
COMDLG32.dll
GetFileTitleW
GDI32.dll
SetMapMode
EngFindResource
CombineRgn
SelectFontLocal
GetROP2
GdiEndDocEMF
SetPixel
GetMetaFileA
CreateEllipticRgn
GetColorSpace
GdiEntry10
cGetTTFFromFOT
GdiDeleteLocalDC
StretchBlt
ScaleViewportExtEx
SetWindowExtEx
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
GetDIBColorTable
TextOutW
CreateFontIndirectW
GetCurrentPositionEx
CreateRectRgnIndirect
LPtoDP
GetEnhMetaFileW
GetPixel
EngDeletePath
GetBrushOrgEx
OffsetViewportOrgEx
DeviceCapabilitiesExA
SetBkMode
SetMetaFileBitsEx
BitBlt
GdiConvertPalette
RemoveFontResourceExW
FillRgn
GetHFONT
ScaleWindowExtEx
StrokePath
EngStrokeAndFillPath
ExtSelectClipRgn
SetROP2
SetDIBColorTable
CreateScalableFontResourceA
GetTextColor
PtVisible
Escape
BeginPath
DeleteObject
GetWindowExtEx
SetBitmapBits
CreatePen
AddFontResourceW
GetClipBox
GetDeviceCaps
LineTo
PolyTextOutW
DeleteDC
GetMapMode
GetObjectW
CreatePatternBrush
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetRelAbs
GdiQueryTable
gdiPlaySpoolStream
GetViewportExtEx
GetTextExtentPoint32W
EndPath
GetRgnBox
SaveDC
CreateICW
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
SetViewportOrgEx
CreateCompatibleDC
Chord
CreateRectRgn
SelectObject
Ellipse
CreateSolidBrush
AbortDoc
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesW
DuplicateHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
ExitProcess
SetErrorMode
FreeEnvironmentStringsW
CommConfigDialogA
GetLocaleInfoW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
GetProfileIntA
GetFullPathNameW
GetCurrentThread
SetLastError
TlsGetValue
GlobalFindAtomW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
EnumResourceLanguagesW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomW
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
SetSystemPowerState
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
GetConsoleAliasesW
WriteConsoleW
MulDiv
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetLastError
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
OpenProcess
GetStartupInfoW
CreateDirectoryW
GlobalLock
GetConsoleAliasesA
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
lstrcmpA
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
GlobalGetAtomNameW
LocalReAlloc
LCMapStringW
VirtualAllocEx
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
AssignProcessToJobObject
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateMailslotA
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetConsoleTitleA
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
IsValidCodePage
HeapCreate
FindResourceW
VirtualQuery
VirtualFree
Sleep
VirtualAlloc
CompareStringA
SHELL32.dll
SHGetFolderPathW
CheckEscapesW
SHEmptyRecycleBinW
SHCreateDirectoryExW
DragFinish
DragQueryFileW
SHGetFileInfo
ShellExecuteW
ShellHookProc
SHGetFolderPathA
SHCreateDirectoryExA
SHGetIconOverlayIndexW
SHGetFileInfoW
ShellAboutW
DragQueryFileA
ExtractAssociatedIconA
ExtractAssociatedIconW
SHAppBarMessage
SHLoadNonloadedIconOverlayIdentifiers
SHLWAPI.dll
PathFindFileNameW
PathIsUNCW
StrRChrIA
PathFindExtensionW
PathStripToRootW
StrRStrIW
USER32.dll
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
LoadBitmapW
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
GetNextDlgTabItem
IsWindow
GrayStringW
EndPaint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
CharUpperW
UnregisterClassW
GetClientRect
DefWindowProcW
DrawTextW
SetScrollPos
CallNextHookEx
BroadcastSystemMessageW
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
LoadAcceleratorsW
ScrollWindow
MapVirtualKeyExA
InvalidateRgn
PtInRect
GetParent
UpdateWindow
GetPropW
EqualRect
GetMessageW
ShowWindow
GetNextDlgGroupItem
SetPropW
GetMenuState
PeekMessageW
SetWindowsHookExW
EnumDisplayDevicesA
InsertMenuItemW
CopyAcceleratorTableW
GetSystemMenu
GetMenuCheckMarkDimensions
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
SetClipboardData
GetWindowPlacement
DrawMenuBar
IsIconic
GetSubMenu
SetTimer
GetActiveWindow
IsDialogMessageW
FillRect
SetWindowContextHelpId
GetSysColorBrush
GetClassInfoW
CreateWindowExW
TabbedTextOutW
GetWindowLongW
DestroyWindow
IsChild
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
SetCaretPos
GetScrollPos
KillTimer
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
GetScrollRange
SendDlgItemMessageW
PostMessageW
EndDialog
DrawTextExW
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
BeginDeferWindowPos
ValidateRect
ShowOwnedPopups
LoadCursorW
LoadIconW
ReuseDDElParam
GetDC
SetForegroundWindow
NotifyWinEvent
ExitWindowsEx
PostThreadMessageA
GetMenuItemInfoW
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
GetScrollInfo
CopyRect
GetCapture
MessageBeep
LoadMenuW
GetWindowThreadProcessId
DeferWindowPos
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
UnhookWindowsHookEx
SetRectEmpty
GetWindowDC
AdjustWindowRectEx
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
EnableMenuItem
IsWindowVisible
WinHelpW
GetDesktopWindow
UnpackDDElParam
SystemParametersInfoW
DispatchMessageW
SetRect
InvalidateRect
AnimateWindow
CharNextW
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
EnableWindow
TranslateAcceleratorW
SetMenu
SetCursor
ole32.dll
OleUninitialize
StgOpenStorageOnILockBytes
StringFromGUID2
CoSetProxyBlanket
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoRegisterClassObject
OleInitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromProgID
CoFreeUnusedLibraries
CoDisconnectObject
CoGetObject
OleIsCurrentClipboard
CoTaskMemFree
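The imphash listed under File identification further down is derived from exactly this import table. As an added example, not from the report or from VirusTotal's own code, here is the algorithm as the pefile library implements it, plus a small review helper that tallies imports per library and flags the unusual exports noted above. The sample import list is constructed from a handful of the report's names; the ordinal import, the library name custom.drv and the helper names are assumptions for the demonstration, and the ordinal lookup tables are abbreviated.

```python
"""Import hash (imphash) and import-table review for a PE import list.

Added example, not part of the VirusTotal report. imphash, as computed by pefile
and shown by VirusTotal, is the MD5 of the import entries in table order, each
written as "library.function" in lower case with a .dll/.ocx/.sys extension
removed and ordinal-only imports resolved from a small lookup table (ws2_32,
oleaut32) or written as "ordN". The sample list below is constructed: it mixes
names from the report's import table with a hypothetical ordinal import, and
the ordinal tables here are abbreviated.
"""
import hashlib
from collections import Counter
from typing import Dict, Iterable, List, Tuple, Union

ImportEntry = Tuple[str, Union[str, int]]  # (library name, function name or ordinal)

# Abbreviated ordinal-to-name tables for the libraries usually imported by ordinal.
ORDINAL_NAMES: Dict[str, Dict[int, str]] = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket",
               52: "gethostbyname", 115: "WSAStartup", 116: "WSACleanup"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString", 8: "VariantInit", 9: "VariantClear"},
}

# Exports from the report's import table that ordinary application code rarely calls directly;
# their presence next to an MFC-style GUI surface hints that the table was generated by a tool.
REVIEW_LIST = {
    "GdiEntry10", "cGetTTFFromFOT", "gdiPlaySpoolStream", "SelectFontLocal", "GdiDeleteLocalDC",
    "EngFindResource", "EngDeletePath", "EngStrokeAndFillPath", "GdiQueryTable", "GdiConvertPalette",
    "CommConfigDialogA", "SetSystemPowerState", "CreateMailslotA", "GetConsoleAliasesA",
    "GetConsoleAliasesW", "ShellHookProc", "SHLoadNonloadedIconOverlayIdentifiers", "ReuseDDElParam",
}


def normalise_library(lib: str) -> str:
    """Lower-case and drop a .dll/.ocx/.sys suffix; any other suffix is kept, as pefile does."""
    name = lib.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """The exact comma-separated string that gets hashed; diff this when two samples' hashes differ."""
    parts: List[str] = []
    for lib, func in imports:
        libname = normalise_library(lib)
        if isinstance(func, int):
            fname = ORDINAL_NAMES.get(libname, {}).get(func, f"ord{func}")
        else:
            fname = func
        parts.append(f"{libname}.{fname.lower()}")
    return ",".join(parts)


def imphash(imports: Iterable[ImportEntry]) -> str:
    """MD5 hex digest of the normalised, order-preserving import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def review_imports(imports: Iterable[ImportEntry]) -> Dict[str, object]:
    """Per-library counts plus any names from REVIEW_LIST, for a quick look at a suspected stub."""
    entries = list(imports)
    per_lib = Counter(normalise_library(lib) for lib, _ in entries)
    flagged = sorted(func for _, func in entries if isinstance(func, str) and func in REVIEW_LIST)
    return {"per_library": dict(per_lib), "flagged": flagged}


# Constructed sample: a few names from the report plus hypothetical ordinal imports.
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("GDI32.dll", "GdiEntry10"),
    ("GDI32.dll", "BitBlt"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("WS2_32.dll", 115),  # hypothetical: resolves to WSAStartup via the ordinal table
    ("custom.drv", 7),    # hypothetical: unknown library keeps its suffix, ordinal stays "ord7"
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    print(review_imports(SAMPLE_IMPORTS))
```

Because the hash covers the entries in table order, a crypter that emits a fixed import table yields one imphash across every payload it wraps, which makes imphash a good pivot for clustering stubs from the same builder and a poor one for identifying the family inside. To reproduce the report's value, feed the complete grouped list above in its original order; any omission or reordering changes the digest.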
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:11 03:56:10+01:00 (the same instant as the 02:56:10 UTC compilation timestamp above, rendered in UTC+1)
FileType Win32 EXE
PEType PE32
CodeSize 7680
LinkerVersion 9.0 (Visual C++ 2008)
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x17e0
InitializedDataSize 1089536
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
A CodeSize of 7680 against an InitializedDataSize of 1089536 means over 98% of the file is data: the shape of a small loader stub carrying an encrypted payload, consistent with the packer verdicts in the detection table.
Execution parents
File identification
MD5 c3ae781bd671ebfa92e0a8b6becf7800
SHA1 0869bb80c3a02c3a55cc9176e6eba8b65e0f8cd1
SHA256 60f22165875daf136d3a451460630b31e408cc8dc6be4e6c98c53792bdeee98f
ssdeep 24576:zdu0en5t/AOWf3UN+qlrxMw8JjH0E1At9Z/0sp5:Zu0ezBck+6xeU3Hpp5
authentihash d31c53353f3e47717662efd9d5f4fc238f50cb0a3393715f53c08bbf7d7e2db7
imphash 56b471011e8bd66449360cbe0fe07d51
File size 1.1 MB ( 1101064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (50.8%)
Windows screen saver (21.3%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-11 05:00:40 UTC ( 5 months, 1 week ago )
Last submission 2018-12-29 14:05:15 UTC ( 4 months, 3 weeks ago )
File names
csrss(63).gxe
csrss.exe
sserv.jpg
2165875daf136d3a451460630b31e408cc8dc6be4e6c98c53792bdeee98f.bin
c3ae781bd671ebfa92e0a8b6becf7800
output.114603918.txt
c3ae781bd671ebfa92e0a8b6becf7800
Two of the submitted names matter for triage: csrss.exe borrows the name of the Windows Client/Server Runtime Subsystem process, a common masquerade for a dropped payload, and sserv.jpg suggests the file was hosted or delivered under an image extension. The hash-shaped names and output.114603918.txt are analyst or sandbox artefacts.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections