SHA256: 9fb56afef028a9a8e4a60b81b672afa3ffd11245717bce95152e795761ee91bc
File name: sserv.jpg
Detection ratio: 20 / 69
Analysis date: 2018-12-25 05:39:10 UTC
Antivirus Result Update
Acronis malware 20181224
Avast Win32:Malware-gen 20181225
AVG Win32:Malware-gen 20181225
Bkav HW32.Packed. 20181224
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181225
Endgame malicious (high confidence) 20181108
Fortinet W32/Kryptik.GJCI!tr 20181225
Ikarus Trojan-Ransom.Crypted007 20181224
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181224
Microsoft Trojan:Win32/Cloxer.D!cl 20181225
Palo Alto Networks (Known Signatures) generic.ml 20181225
Qihoo-360 HEUR/QVM20.1.1869.Malware.Gen 20181225
Rising Malware.Heuristic!ET#88% (RDM+:cmRtazrqpD+mIWIEb3kpheiwUL+Z) 20181225
SentinelOne (Static ML) static engine - malicious 20181223
Symantec Ransom.Troldesh 20181224
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.TrojanPSW.Papras 20181222
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181225
Ad-Aware 20181225
AegisLab 20181225
AhnLab-V3 20181224
Alibaba 20180921
ALYac 20181225
Antiy-AVL 20181225
Arcabit 20181225
Avast-Mobile 20181224
Avira (no cloud) 20181224
Babable 20180918
Baidu 20181207
BitDefender 20181225
CAT-QuickHeal 20181224
ClamAV 20181225
CMC 20181224
Comodo 20181225
Cybereason 20180225
Cyren 20181225
DrWeb 20181225
eGambit 20181225
Emsisoft 20181225
ESET-NOD32 20181225
F-Prot 20181225
F-Secure 20181225
GData 20181225
Jiangmin 20181224
K7AntiVirus 20181224
K7GW 20181224
Kingsoft 20181225
Malwarebytes 20181224
MAX 20181225
McAfee 20181225
McAfee-GW-Edition 20181225
eScan 20181225
NANO-Antivirus 20181225
Panda 20181224
Sophos AV 20181225
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
Tencent 20181225
TheHacker 20181220
TrendMicro 20181225
TrendMicro-HouseCall 20181225
Trustlook 20181225
ViRobot 20181225
Webroot 20181225
Yandex 20181223
Zillya 20181222
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 5:50 AM 3/24/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-25 02:56:47
Entry Point 0x00001D60
Number of sections 3
PE sections
Overlays
MD5 b6fca37bed8d096db5e2f2068f22960d
File type data
Offset 1067008
Size 3336
Entropy 7.36
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RevertToSelf
RegCloseKey
OpenProcessToken
FreeSid
ImpersonateSelf
RegQueryValueExA
AccessCheck
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
RegOpenKeyExA
InitializeAcl
RegOpenKeyExW
GetLengthSid
AddAccessAllowedAce
RegEnumKeyExA
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
BeginPath
CreateMetaFileW
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
GetCurrentProcess
GetDriveTypeW
LocalAlloc
GetFileInformationByHandle
GetLocaleInfoW
GetFileTime
GetTempPathA
GetCPInfo
GetTempPathW
HeapReAlloc
LocalFree
FormatMessageW
ResumeThread
GetEnvironmentVariableA
GlobalHandle
FindClose
MoveFileW
SetLastError
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GetSystemDirectoryW
GetExitCodeThread
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
HeapFree
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetTempFileNameW
ExpandEnvironmentStringsW
GetTimeFormatA
GetTempFileNameA
FindFirstFileW
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
GetFileType
CreateFileA
HeapAlloc
GetLastError
GetSystemInfo
lstrlenA
GlobalFree
OpenEventW
GlobalUnlock
lstrlenW
VirtualFree
FileTimeToLocalFileTime
WideCharToMultiByte
GetCommandLineA
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
GlobalLock
GetModuleHandleW
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
ResetEvent
SystemParametersInfoA
SetTimer
LoadCursorA
GetParent
UpdateWindow
SendMessageA
GetMenuItemCount
LoadStringA
PostMessageA
CharUpperW
wsprintfA
KillTimer
IsCharUpperW
GetDlgItem
ReleaseDC
GetDC
SetCursor
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:25 03:56:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1d60
InitializedDataSize 1057792
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 41126d943d5d128c49d93efab9f65516
SHA1 fe0ce999a55bdb6375e41ee1c18e6bde324725a1
SHA256 9fb56afef028a9a8e4a60b81b672afa3ffd11245717bce95152e795761ee91bc
ssdeep 12288:ri94bywx1Dj5+h7ZCn0P5T7lHDbIi9dszYjN5HbPiLsptcyx7tbFEujtg0O:rHx13SZW0x5j5dsYnHeYpuyx7tx/tg0O
authentihash 77a1bd33c1d8abdb46d1f33921949e66cd4ad185982a25e0ef29f2b249df71b4
imphash 3b9f5e2b746b16b02bbab920aa513e18
File size 1.0 MB ( 1070344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-25 04:37:13 UTC
Last submission 2018-12-26 03:01:29 UTC
File names csrss.exe
csrss.exe
sserv.jpg
csrss.exe
output.114775238.txt
output.114779947.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections