SHA256: c80df024a87872e53a1df50061079e2e973673c68fc81dbdfd79d989dd8212b5
File name: csrss(103).gxe
Detection ratio: 32 / 70
Analysis date: 2019-01-24 14:38:51 UTC ( 2 months, 3 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.31574763 | 20190124
Arcabit | Trojan.Generic.D1E1CAEB | 20190124
Avast | Win32:Trojan-gen | 20190124
AVG | Win32:Trojan-gen | 20190124
BitDefender | Trojan.GenericKD.31574763 | 20190124
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20181023
Cylance | Unsafe | 20190124
DrWeb | Trojan.Encoder.858 | 20190124
Emsisoft | Trojan-Ransom.Shade (A) | 20190124
Endgame | malicious (high confidence) | 20181108
ESET-NOD32 | Win32/Filecoder.Shade.A | 20190124
F-Secure | Trojan.GenericKD.31574763 | 20190124
Fortinet | W32/Kryptik.GOUT!tr.ransom | 20190124
GData | Win32.Trojan-Ransom.Shade.OKV1ZZ | 20190124
Ikarus | Trojan.Win32.Krypt | 20190124
Kaspersky | UDS:DangerousObject.Multi.Generic | 20190124
Malwarebytes | Ransom.Troldesh | 20190124
MAX | malware (ai score=100) | 20190124
McAfee | Artemis!4729E1075454 | 20190124
McAfee-GW-Edition | Artemis!Trojan | 20190124
Microsoft | Trojan:Win32/Azden.A!cl | 20190124
eScan | Trojan.GenericKD.31574763 | 20190124
Palo Alto Networks (Known Signatures) | generic.ml | 20190124
Qihoo-360 | Win32/Trojan.Ransom.f3d | 20190124
Rising | Trojan.GenKryptik!8.AA55 (CLOUD) | 20190124
SentinelOne (Static ML) | static engine - malicious | 20190118
Symantec | ML.Attribute.HighConfidence | 20190124
Trapmine | malicious.high.ml.score | 20190123
TrendMicro | Ransom.Win32.SHADE.THOABDAI | 20190124
TrendMicro-HouseCall | Ransom.Win32.SHADE.THOABDAI | 20190124
Webroot | W32.Trojan.Gen | 20190124
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20190124
Acronis | | 20190124
AegisLab | | 20190124
AhnLab-V3 | | 20190124
Alibaba | | 20180921
ALYac | | 20190124
Antiy-AVL | | 20190124
Avast-Mobile | | 20190124
Avira (no cloud) | | 20190124
Babable | | 20180918
Baidu | | 20190124
Bkav | | 20190124
CAT-QuickHeal | | 20190124
ClamAV | | 20190124
CMC | | 20190124
Comodo | | 20190124
Cybereason | | 20190109
Cyren | | 20190124
eGambit | | 20190124
F-Prot | | 20190124
Sophos ML | | 20181128
Jiangmin | | 20190124
K7AntiVirus | | 20190124
K7GW | | 20190124
Kingsoft | | 20190124
NANO-Antivirus | | 20190124
Panda | | 20190124
Sophos AV | | 20190124
SUPERAntiSpyware | | 20190123
TACHYON | | 20190124
Tencent | | 20190124
TheHacker | | 20190118
TotalDefense | | 20190124
Trustlook | | 20190124
VBA32 | | 20190124
ViRobot | | 20190124
Yandex | | 20190124
Zillya | | 20190123
Zoner | | 20190124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 51.1052.0.0
Description setip/Unikstall
Signature verification The digital signature of the object did not verify.
Signing date 7:35 AM 4/9/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-24 04:03:03
Entry Point 0x000021D0
Number of sections 5
PE sections
Overlays
MD5 f2b4d8b574d1078556b75e624e38c4b0
File type data
Offset 1228800
Size 3336
Entropy 7.33
PE imports
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegCreateKeyW
OpenServiceW
DeleteService
SetSecurityDescriptorDacl
CloseServiceHandle
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegOpenKeyExA
CreateServiceW
SetServiceStatus
SetEntriesInAclW
RegSetValueExW
FreeSid
OpenSCManagerW
ReportEventW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetMetaRgn
StrokePath
EndDoc
CancelDC
GetSystemPaletteUse
CreateSolidBrush
GetFontLanguageInfo
AbortDoc
RealizePalette
GetLastError
ReleaseMutex
VirtualAllocEx
LoadLibraryW
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
SetThreadPriority
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
WriteFileGather
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
CreateHardLinkA
_lclose
GetModuleFileNameW
WritePrivateProfileStructA
GetFileAttributesA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
EnumSystemLanguageGroupsA
GetSystemTimeAsFileTime
EnumResourceTypesW
GetModuleHandleW
SetPriorityClass
FreeLibrary
LocalFree
EnumLanguageGroupLocalesW
TerminateProcess
CreateEventW
OutputDebugStringW
OpenEventW
Sleep
SetConsoleCtrlHandler
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
CloseHandle
SHFormatDrive
SHCreateDirectoryExW
SHAddToRecentDocs
ExtractIconExA
ExtractIconEx
SHFileOperationW
SHGetPathFromIDListW
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA
ExtractIconExW
SHCreateDirectoryExA
SHInvokePrinterCommandA
SHGetDataFromIDListA
DuplicateIcon
SHPathPrepareForWriteW
SHCreateProcessAsUserW
SHLoadNonloadedIconOverlayIdentifiers
StrChrW
StrStrIA
StrRChrW
StrRChrIW
SHGetValueA
StrRStrIA
StrStrIW
StrRChrA
SHSetValueA
StrCmpIW
StrCmpNIA
PathRemoveFileSpecA
GetClassInfoExW
DefWindowProcW
GetCapture
GetClipboardOwner
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
MessageBoxA
RegisterDeviceNotificationW
IsCharAlphaA
TranslateMessage
GetClipboardSequenceNumber
DispatchMessageW
DestroyCursor
EditWndProc
GetDoubleClickTime
LoadStringA
RegisterClassW
IsCharLowerA
GetWindowTextLengthA
IsWindowVisible
UnregisterClassW
IsCharAlphaW
GetMenuCheckMarkDimensions
SetMenuDefaultItem
SendMessageTimeoutA
CharLowerA
GetDesktopWindow
UnregisterDeviceNotification
GetDialogBaseUnits
IsMenu
CreateWindowExW
GetWindowLongW
SetForegroundWindow
GetMenuContextHelpId
DestroyWindow
CoUninitialize
Number of PE resources by type
RT_ICON 13
RT_RCDATA 5
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 1219584
ImageVersion 0.0
FileVersionNumber 51.1052.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 51.1052.0.0
TimeStamp 2019:01:24 05:03:03+01:00
FileType Win32 EXE
PEType PE32
FileDescription setip/Unikstall
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 9216
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x21d0
ObjectFileType Executable application

File identification
MD5 4729e10754540ddf55fcb581e74337c4
SHA1 e4c630ddf86858b556e743d2a0e8406fc5e4f0aa
SHA256 c80df024a87872e53a1df50061079e2e973673c68fc81dbdfd79d989dd8212b5
ssdeep 12288:XpflAzWulcKX7yKCHqknCLv/gEOF0ZV/cgtx61slrEiv/Kc9Rf8/3cwd8888888U:BlAzCEMKaMpjt02yiv/7Rf8/MwoTxBA

authentihash 56516e9b77bb7f2d7c680b2b3af7be25e88dc10a48ebc4c2eadd91df6882fd4f
imphash 52b706f9e593f5965899a4a9ea6b3440
File size 1.2 MB ( 1232136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-24 04:44:53 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-22 09:27:35 UTC ( 1 month, 4 weeks ago )
File names csrss(103).gxe
mxr.pdf
output.115066311.txt
output.115076289.txt
output.115014345.txt
output.115027258.txt
output.115020742.txt
output.115152474.txt
output.115120213.txt
22067848
output.114963396.txt
output.115055660.txt
ssj.jpg
output.115066257.txt
csrss.exe
output.115007315.txt
output.115007330.txt
ssj (랜섬웨어).jpg
output.115032573.txt
csrss.exe
output.115066264.txt
output.115020744.txt
output.115066241.txt
output.115020741.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections