× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8501552fe383b325ba0f1105d971e9ca304193bd187f5633b80750908a386f47
File name: A8CD32EEF87EE714F3E1C0A2354AFDA420A63740
Detection ratio: 17 / 69
Analysis date: 2018-12-24 11:39:57 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis malware 20181224
AegisLab Hacktool.Win32.Krap.lKMc 20181224
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.ef87ee 20180225
Cylance Unsafe 20181224
eGambit PE.Heur.InvalidSig 20181224
Emsisoft Trojan-Ransom.Shade (A) 20181224
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181224
Microsoft Trojan:Win32/Fuerboos.C!cl 20181224
Qihoo-360 HEUR/QVM20.1.13E5.Malware.Gen 20181224
Rising Malware.Heuristic!ET#85% (RDM+:cmRtazr46hT29OBU5bKnwx3zYwpA) 20181224
SentinelOne (Static ML) static engine - malicious 20181223
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan-Spy.Zbot 20181222
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181224
Ad-Aware 20181224
AhnLab-V3 20181223
Alibaba 20180921
ALYac 20181224
Antiy-AVL 20181223
Arcabit 20181224
Avast 20181224
Avast-Mobile 20181224
AVG 20181224
Avira (no cloud) 20181224
Babable 20180918
Baidu 20181207
BitDefender 20181224
Bkav 20181224
CAT-QuickHeal 20181223
ClamAV 20181224
CMC 20181223
Comodo 20181224
Cyren 20181224
DrWeb 20181224
ESET-NOD32 20181224
F-Prot 20181224
F-Secure 20181224
Fortinet 20181224
GData 20181224
Ikarus 20181224
Jiangmin 20181224
K7AntiVirus 20181224
K7GW 20181224
Kingsoft 20181224
Malwarebytes 20181224
MAX 20181224
McAfee 20181224
McAfee-GW-Edition 20181224
eScan 20181224
NANO-Antivirus 20181224
Palo Alto Networks (Known Signatures) 20181224
Panda 20181224
Sophos AV 20181224
SUPERAntiSpyware 20181220
Symantec 20181224
Symantec Mobile Insight 20181215
TACHYON 20181224
Tencent 20181224
TheHacker 20181220
TrendMicro 20181224
TrendMicro-HouseCall 20181224
Trustlook 20181224
ViRobot 20181223
Webroot 20181224
Yandex 20181223
Zillya 20181222
Zoner 20181224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 2:38 AM 1/28/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-24 08:23:17
Entry Point 0x00156230
Number of sections 3
PE sections
Overlays
MD5 92ed807128a6a5f4386e2423bc298dca
File type data
Offset 1404416
Size 2760
Entropy 7.41
PE imports
RegQueryValueExW
RegOpenKeyExW
StrokePath
AddFontResourceA
DeleteDC
CreateHalftonePalette
GetSystemPaletteUse
UnrealizeObject
GetDCPenColor
EndPath
GdiFlush
GetObjectType
CreateCompatibleBitmap
DeleteMetaFile
AddFontResourceW
GetModuleHandleA
VirtualAlloc
ExtractIconA
DragQueryFile
SHGetFolderPathW
SHFileOperationW
DuplicateIcon
ShellExecuteEx
ShellExecuteW
SHGetDesktopFolder
SHGetDiskFreeSpaceExA
ExtractAssociatedIconW
ShellAboutW
SHGetPathFromIDListA
SHGetDiskFreeSpaceExW
DragFinish
StrRChrIA
CharPrevA
OpenInputDesktop
ReleaseCapture
GetMessageA
GetInputState
BeginPaint
FindWindowW
ChangeDisplaySettingsA
MapVirtualKeyW
RealGetWindowClass
VkKeyScanExA
SetWinEventHook
ShowWindow
DdeImpersonateClient
BeginDeferWindowPos
OpenWindowStationW
GetClipboardFormatNameW
GetWindow
GetMenuDefaultItem
GetSysColor
IsCharAlphaNumericA
ShowCaret
GetMenu
GetDlgItem
DrawMenuBar
CharLowerBuffA
UnionRect
GetThreadDesktop
DdeFreeDataHandle
CreateMenu
CountClipboardFormats
ChangeDisplaySettingsExA
GetMenuItemCount
CloseDesktop
CharUpperW
IsCharUpperW
GetWindowTextLengthW
GetTopWindow
CloseClipboard
SetCursorPos
WindowFromDC
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:24 00:23:17-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1400320

LinkerVersion
2.5

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x156230

InitializedDataSize
3584

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Execution parents
File identification
MD5 e970ea9cf29bcb0d9d2e420d8bf6a139
SHA1 a8cd32eef87ee714f3e1c0a2354afda420a63740
SHA256 8501552fe383b325ba0f1105d971e9ca304193bd187f5633b80750908a386f47
ssdeep
12288:iqS4kXCa7v6JiD8Q4eqQNf3h8SoOX9kI+CwCSdK5hXYP4xLTbD0pTFDAG0EWkhBq:iqSrXr76pe1Nf39ogkxWYGIT5n0E5rm

authentihash f6c42b01cefc96e8269841a17d692821d89353ab4adfed934cfade5f86a916ce
imphash fafd3c58cce06b0782196dc633afcf2d
File size 1.3 MB ( 1407176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-24 11:39:57 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-05 08:38:19 UTC ( 1 month, 1 week ago )
File names img.jpg
csrss.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections