× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 86ba7362995c16b7d2715c9cae99867def6e10ee8834a90f4b92ce4c3f01a910
File name: csrss.exe
Detection ratio: 25 / 46
Analysis date: 2013-08-06 14:31:32 UTC ( 5 years, 3 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Gen 20130806
AntiVir TR/Injector.Arh.7 20130806
Avast Win32:Injector-ARH [Trj] 20130806
BitDefender Trojan.Generic.7630658 20130806
Commtouch W32/Trojan.CIVO-5139 20130806
Comodo TrojWare.Win32.Agent.smak 20130806
Emsisoft Trojan.Generic.7630658 (B) 20130806
F-Secure Trojan.Generic.7630658 20130806
Fortinet Malware_fam.NB 20130806
GData Trojan.Generic.7630658 20130806
Ikarus Win32.Injector 20130806
Kingsoft Win32.Troj.Generic.v.(kcloud) 20130723
Malwarebytes Trojan.SmallDL 20130806
McAfee Generic.dx!65AAE6BF5187 20130806
McAfee-GW-Edition Generic.dx!65AAE6BF5187 20130806
eScan Trojan.Generic.7630658 20130806
NANO-Antivirus Trojan.Win32.EncPkNS.xczfe 20130806
Norman Troj_Generic.CPHFO 20130806
Panda Generic Trojan 20130806
PCTools Trojan.Gen 20130806
SUPERAntiSpyware Trojan.Agent/Gen-Poison 20130806
Symantec Trojan.Gen.2 20130806
TrendMicro TROJ_GEN.R3AC8GI 20130806
TrendMicro-HouseCall TROJ_GEN.R3AC8GI 20130806
VIPRE Trojan.Win32.Generic!BT 20130806
Yandex 20130805
Antiy-AVL 20130806
AVG 20130806
ByteHero 20130804
CAT-QuickHeal 20130806
ClamAV 20130806
DrWeb 20130806
ESET-NOD32 20130806
F-Prot 20130806
Jiangmin 20130806
K7AntiVirus 20130806
K7GW 20130805
Kaspersky 20130806
Microsoft 20130806
nProtect 20130806
Rising 20130806
Sophos AV 20130806
TheHacker 20130805
TotalDefense 20130806
VBA32 20130806
ViRobot 20130806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-18 13:59:49
Entry Point 0x00001000
Number of sections 3
PE sections
PE imports
ExitProcess
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:06:18 14:59:49+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
512

LinkerVersion
5.12

FileTypeExtension
exe

InitializedDataSize
1024

SubsystemVersion
4.0

EntryPoint
0x1000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 65aae6bf5187a28838f602d5a4b6f759
SHA1 7966c9f12129b729378ce20860ee37d7f35b42d5
SHA256 86ba7362995c16b7d2715c9cae99867def6e10ee8834a90f4b92ce4c3f01a910
ssdeep
12:e9GSGTsHIOnEuG8SUxgKuq77ogsoOuBWmtYMWotLTxxWF8fx:e9GSoiEuG1nvqvoGLBWmmqVTxQi

authentihash 4d79aa92940015f14d233bb32ea19b2f12dfc272d41a01a6549112dc1d412153
imphash f9ade0aa18f660a34a4fa23392e21838
File size 2.5 KB ( 2560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 5.0 (80.0%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Generic Win/DOS Executable (2.6%)
DOS Executable Generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2012-06-24 21:19:13 UTC ( 6 years, 4 months ago )
Last submission 2016-01-13 07:38:44 UTC ( 2 years, 10 months ago )
File names 86ba7362995c16b7d2715c9cae99867def6e10ee8834a90f4b92ce4c3f01a910.vir
csrss.exe
65aae6bf5187a28838f602d5a4b6f759
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications