SHA256: d0983a72998e2d0601144055f685c7f8d86b874fa612b9644719b5a7ad1c3cfe
File name: msg.jpg
Detection ratio: 43 / 64
Analysis date: 2019-03-01 01:51:36 UTC
Antivirus results (engine | result | signature database date, YYYYMMDD). 65 engines are listed below, 43 with a detection and 22 without; VirusTotal reports the ratio as 43 / 64. Several labels are keyed to this specific sample rather than to a family and add no classification information: the McAfee suffix 4206CBDB5736 is the first twelve hex digits of the file's MD5, the Cybereason suffix 63c832 is a substring of its SHA1, and the ViRobot label embeds the file size (1441992). The family name that actually recurs is Shade, also called Troldesh (the same ransomware under two vendor names); Razy, Kryptik, Win32:Trojan-gen and the ML/heuristic verdicts are generic or packer-based detections.

Detected:
Acronis | suspicious | 20190222
Ad-Aware | Gen:Variant.Razy.467146 | 20190228
AhnLab-V3 | Trojan/Win32.RansomCrypt.C3032815 | 20190228
ALYac | Trojan.Ransom.Shade | 20190301
Antiy-AVL | RiskWare[NetTool]/Win32.TorJok | 20190301
Arcabit | Trojan.Razy.D720CA | 20190228
Avast | Win32:Trojan-gen | 20190228
AVG | Win32:Trojan-gen | 20190228
Avira (no cloud) | TR/Crypt.Agent.nbsdy | 20190301
BitDefender | Gen:Variant.Razy.467146 | 20190228
Comodo | Malware@#35l826uqxgtl3 | 20190301
CrowdStrike Falcon (ML) | win/malicious_confidence_90% (W) | 20190212
Cybereason | malicious.63c832 | 20190109
DrWeb | Trojan.Encoder.858 | 20190228
eGambit | PE.Heur.InvalidSig | 20190301
Emsisoft | Gen:Variant.Razy.467146 (B) | 20190228
Endgame | malicious (high confidence) | 20190215
ESET-NOD32 | a variant of Win32/Kryptik.GPXP | 20190301
Fortinet | W32/Kryptik.GOJP!tr.ransom | 20190228
GData | Gen:Variant.Razy.467146 | 20190228
Sophos ML | heuristic | 20181128
Jiangmin | Trojan.Shade.qr | 20190301
K7AntiVirus | Trojan ( 0054830c1 ) | 20190301
K7GW | Trojan ( 0054830c1 ) | 20190228
Kaspersky | Trojan-Ransom.Win32.Shade.pqy | 20190228
Malwarebytes | Ransom.Troldesh | 20190228
MAX | malware (ai score=100) | 20190301
McAfee | GenericRXHA-JM!4206CBDB5736 | 20190301
McAfee-GW-Edition | GenericRXHA-JM!4206CBDB5736 | 20190228
Microsoft | Ransom:Win32/Troldesh.A | 20190301
eScan | Gen:Variant.Razy.467146 | 20190301
NANO-Antivirus | Trojan.Win32.Kryptik.fnhnbz | 20190301
Panda | Trj/Genetic.gen | 20190228
Qihoo-360 | Win32/Trojan.7ee | 20190301
SentinelOne (Static ML) | static engine - malicious | 20190203
Sophos AV | Mal/Cerber-K | 20190228
Symantec | Downloader | 20190228
Tencent | Win32.Trojan.Shade.Oyok | 20190301
VBA32 | BScope.Malware-Cryptor.Winlock.2014 | 20190228
ViRobot | Trojan.Win32.S.Ransom.1441992.A | 20190301
Webroot | W32.Trojan.Gen | 20190301
Yandex | Trojan.Kryptik!Hc/WUaeq6k0 | 20190228
ZoneAlarm by Check Point | Trojan-Ransom.Win32.Shade.pqy | 20190228

Undetected (engine | signature database date):
AegisLab | 20190301
Alibaba | 20180921
Avast-Mobile | 20190228
Babable | 20180918
Baidu | 20190215
Bkav | 20190228
CAT-QuickHeal | 20190228
ClamAV | 20190228
CMC | 20190228
Cyren | 20190301
F-Prot | 20190228
F-Secure | 20190301
Ikarus | 20190228
Kingsoft | 20190301
SUPERAntiSpyware | 20190227
Symantec Mobile Insight | 20190220
TACHYON | 20190301
TheHacker | 20190225
TotalDefense | 20190228
Trustlook | 20190301
VIPRE | 20190228
Zoner | 20190228
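The table above mixes real family names with generic, heuristic and sample-specific labels, so counting raw strings gives the wrong answer. The following Python is an added example (not part of the VirusTotal report) of the normalisation an analyst applies before counting votes: each label is tokenised, platform and category words are dropped, short variant suffixes are ignored, the Troldesh/Shade synonym is collapsed, and the majority family is returned. The generic-word list, the alias table and the row subset are assumptions chosen for this illustration (one engine stands in for the BitDefender-based engines that all report the same Razy label).

```python
import re
from collections import Counter

# Constructed subset of the rows in the table above. Ad-Aware stands in for
# the BitDefender-based engines, which all return Gen:Variant.Razy.467146.
LABELS = [
    ("AhnLab-V3", "Trojan/Win32.RansomCrypt.C3032815"),
    ("ALYac", "Trojan.Ransom.Shade"),
    ("Ad-Aware", "Gen:Variant.Razy.467146"),
    ("DrWeb", "Trojan.Encoder.858"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.GPXP"),
    ("Jiangmin", "Trojan.Shade.qr"),
    ("Kaspersky", "Trojan-Ransom.Win32.Shade.pqy"),
    ("Malwarebytes", "Ransom.Troldesh"),
    ("Microsoft", "Ransom:Win32/Troldesh.A"),
    ("Sophos AV", "Mal/Cerber-K"),
    ("Tencent", "Win32.Trojan.Shade.Oyok"),
    ("ZoneAlarm by Check Point", "Trojan-Ransom.Win32.Shade.pqy"),
]

# Tokens that name a category, platform, packer or heuristic rather than a
# family. This list is an assumption of the example; AVClass-style tools
# ship a much longer one.
GENERIC = {
    "a", "of", "the", "trojan", "win32", "w32", "gen", "generic", "variant",
    "ransom", "ransomcrypt", "encoder", "kryptik", "crypt", "agent", "mal",
    "malware", "malicious", "heur", "downloader",
}
# Vendor synonyms for one family (assumption: Troldesh and Shade are the same).
ALIASES = {"troldesh": "shade"}


def family_tokens(label):
    """Return the set of candidate family names found in one vendor label."""
    parts = [p for p in re.split(r"[^a-z0-9]+", label.lower()) if p]
    keep = set()
    for i, p in enumerate(parts):
        last = i == len(parts) - 1
        if p in GENERIC or any(ch.isdigit() for ch in p):
            continue                      # category word or numeric variant id
        if len(p) < 4 or (last and len(p) <= 4):
            continue                      # short suffixes such as .A, .qr, .GPXP
        keep.add(ALIASES.get(p, p))
    return keep


def family_consensus(rows):
    """Majority family across engines; each engine votes once per family."""
    votes = Counter()
    for _engine, label in rows:
        votes.update(family_tokens(label))
    if not votes:
        return None, 0
    family, n = votes.most_common(1)[0]
    return family, n


if __name__ == "__main__":
    for engine, label in LABELS:
        print(f"{engine:25s} {label:40s} -> {sorted(family_tokens(label))}")
    print("consensus:", family_consensus(LABELS))
```

Three of the twelve constructed rows (AhnLab-V3, DrWeb, ESET-NOD32) contribute no family token at all once the generic words are removed, which is the point: a 43 / 64 ratio says the file is bad, but only the surviving tokens say what it is.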
The file is a 32-bit Portable Executable (Win32 EXE) built for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification: the digital signature of the object did not verify.
Signing date (as recorded): 23:39 on 2019-03-01, timezone not given.
A signature that does not verify carries no provenance, and the recorded date postdates both the compilation timestamp and the first VirusTotal submission (2019-02-21), so it must not be read as the time the binary was produced.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-02-21 00:18:16 UTC. If genuine, this is about 95 minutes before the first VirusTotal submission (2019-02-21 01:53:32 UTC), so the sample reached VirusTotal almost as soon as it was built.
Entry Point: 0x001427D0
Number of sections: 3
PE sections
Overlay
MD5: 3cede7c637ad1d8de22630a062206295
File type: data
Offset: 1439232
Size: 2760
Entropy: 7.39
The overlay is the data appended after the last section: 1439232 + 2760 = 1441992, which is the full file size. An entropy of 7.39 bits per byte (out of a maximum of 8) together with the unrecognised "data" type means the appended bytes are compressed or encrypted rather than a plain resource. The overlay is a common place for an embedded configuration or a second-stage payload, and it is exactly the part of the file that a scanner looking only at PE sections ignores.
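The following Python is an added example, not part of the report, showing how the overlay figures above are derived: the overlay starts where the last section's raw data ends (the largest PointerToRawData + SizeOfRawData in the section table) and runs to end of file, and its Shannon entropy is computed over that byte range. The code builds a minimal PE32 inline as a constructed stand-in for the sample (which is not reproduced here) and applies the same calculation; the 7.0-bit threshold for flagging packed or encrypted data is an assumption.

```python
import math
import struct
from collections import Counter


def shannon_entropy(buf):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def overlay_info(data):
    """Locate the overlay: bytes past the end of the last section's raw data.

    Returns (offset, size), or None when nothing follows the last section.
    Only the header fields needed for this calculation are parsed.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    sec_table = coff + 20 + opt_size
    end = 0
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        size_raw, ptr_raw = struct.unpack_from("<II", data, sec_table + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    if end >= len(data):
        return None
    return end, len(data) - end


def overlay_report(data, high_entropy=7.0):
    """Summary in the shape of the report above; the 7.0 threshold is an assumption."""
    info = overlay_info(data)
    if info is None:
        return {"present": False}
    offset, size = info
    ent = shannon_entropy(data[offset:])
    return {"present": True, "offset": offset, "size": size,
            "entropy": round(ent, 2), "packed_or_encrypted": ent >= high_entropy}


def build_sample_pe(overlay=b""):
    """Constructed minimal PE32 with one 512-byte section at file offset 0x200."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    sec = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, 0x1000,
                      0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    section = bytes(range(256)) * 2                    # 512 bytes of raw section data
    return header + section + overlay


if __name__ == "__main__":
    print(overlay_report(build_sample_pe()))                    # no overlay
    print(overlay_report(build_sample_pe(b"\0" * 64)))          # low-entropy padding
    print(overlay_report(build_sample_pe(bytes(range(256)))))   # entropy 8.0
```

Running overlay_report on the real sample would give offset 1439232 and size 2760 as in the report; the constructed PE shows the two cases that matter in triage, padding that scores near 0 and compressed or encrypted data that scores near 8.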
PE imports
advapi32.dll
RegQueryValueExW
gdi32.dll
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
kernel32.dll
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
WaitForSingleObject
HeapDestroy
SignalObjectAndWait
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
SetErrorMode
GetLocaleInfoW
WideCharToMultiByte
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
InterlockedDecrement
GlobalFindAtomW
WriteProcessMemory
OutputDebugStringW
GetModuleFileNameW
ExitProcess
EnumCalendarInfoA
InterlockedExchangeAdd
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetExitCodeThread
MulDiv
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
SearchPathW
VirtualQuery
VirtualQueryEx
SetEndOfFile
GetVersion
InterlockedIncrement
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetTempFileNameW
CompareStringW
lstrcpyW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
CreateEventW
CreateFileW
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
VirtualAllocEx
GetSystemInfo
FindResourceW
GetThreadLocale
lstrlenW
WinExec
CreateProcessW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
InterlockedCompareExchange
WritePrivateProfileStringW
lstrcpynW
RaiseException
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
user32.dll
RedrawWindow
CreateDialogIndirectParamW
DrawTextExW
GetScrollInfo
PostQuitMessage
SetClassLongW
FindWindowW
GetProcessDefaultLayout
TrackMouseEvent
ClipCursor
GetMessageW
GetDoubleClickTime
SetDlgItemInt
SetScrollPos
DestroyIcon
SetMenu
SetWindowPlacement
GetDC
DrawIcon
DialogBoxParamW
IntersectRect
AppendMenuW
DestroyCursor
TranslateMessage
GetAsyncKeyState
GetDlgItemInt
CheckDlgButton
DispatchMessageW
GetCursorPos
UpdateLayeredWindow
GetDlgCtrlID
GetIconInfo
LoadAcceleratorsW
GetMenu
LoadStringA
GetClassLongW
GetWindowPlacement
UnregisterClassW
BringWindowToTop
UnionRect
EnableMenuItem
ClientToScreen
DeleteMenu
PeekMessageW
DrawFocusRect
NotifyWinEvent
GetTopWindow
IsDlgButtonChecked
CreateAcceleratorTableW
GetWindowTextW
DragDetect
GetDesktopWindow
IsRectEmpty
LoadIconW
GetWindowTextLengthW
SetScrollInfo
InsertMenuW
SetForegroundWindow
InvalidateRgn
GetMenuStringW
ScrollWindowEx
TranslateAcceleratorW

Read the kernel32 names as clusters rather than one at a time. OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateProcessW, ResumeThread, VirtualProtect and FlushInstructionCache are the usual ingredients of process injection (start or open a process, allocate and write into it, make the pages executable, resume). FindFirstFileW and FindNextFileW with CreateFileW, ReadFile, WriteFile, SetFilePointer, SetEndOfFile, SetFileAttributesW and DeleteFileW are the file-walking and overwriting primitives a file-encrypting payload needs, and GetDiskFreeSpaceW fits the same picture. GetTempPathW, GetTempFileNameW and WinExec suggest something is dropped to a temporary path and executed, and GetPrivateProfileStringW with WritePrivateProfileStringW means an INI-style configuration is read and written. No cryptographic API appears in the import list, so any encryption is either implemented inside the binary or resolved at run time through LoadLibraryW and GetProcAddress. None of this is conclusive on its own: the gdi32 and user32 sets are what any GUI application imports, and SetThreadLocale, GetThreadLocale, EnumCalendarInfoA, RtlUnwind and GlobalFindAtomW are typical of Delphi's runtime rather than of malware. It is the combination, together with the Troldesh/Shade verdicts above, that matters.
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2019:02:21 01:18:16+01:00 (the link timestamp rendered in local time, UTC+1; it is the same instant as the compilation timestamp above, 2019-02-21 00:18:16 UTC)
FileType: Win32 EXE
PEType: PE32
CodeSize: 1321472
LinkerVersion: 2.5
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit (no base relocations means the image can only load at its preferred base, which also rules out ASLR for it)
EntryPoint: 0x1427d0
InitializedDataSize: 117248
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 4206cbdb57360b292a78a197338b5f7b
SHA1: 4e95de363c8325770d2879a284a122914b584db4
SHA256: d0983a72998e2d0601144055f685c7f8d86b874fa612b9644719b5a7ad1c3cfe
ssdeep: 24576:H6Hur/I2SLperNAQijFHmuBDxzDUwgdz8kOZNFm:HyuI2SlerNAQgFHmyiwgKv4
authentihash: 3492f546346d00e3fef849af42479b9c89f424887d2f61b5f7744ad84a9bba1c
imphash: 06bea5f7a92408c8932819e38c0bb4c1
File size: 1.4 MB (1441992 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
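The imphash above is the MD5 of the import table in a canonical form, which is why it survives recompilation with a different timestamp or overlay but changes when the import order changes. The following Python is an added example, not VirusTotal's or pefile's own code, that implements that canonical form as pefile defines it: DLL name lowercased with its .dll/.ocx/.sys extension removed, function name lowercased, imports by ordinal written as ordN, entries joined with commas in import-table order, then hashed. The import list it runs on is an assumption drawn from names in the PE imports section above and is not in the binary's real order, so the value it produces is not expected to equal 06bea5f7a92408c8932819e38c0bb4c1.

```python
import hashlib

# Constructed import list: a handful of the names from the report, in an
# order chosen here. It is NOT the sample's real import table.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "WriteProcessMemory"),
    ("KERNEL32.dll", "ResumeThread"),
    ("USER32.dll", "FindWindowW"),
    ("ADVAPI32.dll", "RegQueryValueExW"),
]


def normalize_imports(imports):
    """Canonical 'dll.function' strings in import-table order (pefile's rules)."""
    out = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        if isinstance(func, int):          # import by ordinal
            # Simplification (assumption): pefile resolves ordinals of a few
            # well-known DLLs to names first; everything else becomes ordN.
            func = "ord%d" % func
        out.append("%s.%s" % (dll, func.lower()))
    return out


def imphash(imports):
    """MD5 over the comma-joined normalized import list, as a hex string."""
    joined = ",".join(normalize_imports(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(normalize_imports(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Same names in a different order give a different imphash.
    print(imphash(list(reversed(SAMPLE_IMPORTS))))
```

Because the order is part of the hash, imphash clusters builds from the same source and toolchain, not samples that merely use the same APIs; for hunting across a Delphi-built family like this one it is a tighter pivot than any single vendor label.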

TrID: Win64 Executable (generic) (46.0%), Windows screen saver (21.8%), Win32 Dynamic Link Library (generic) (10.9%), Win32 Executable (generic) (7.5%), Win16/32 Executable Delphi generic (3.4%).
TrID guesses from byte patterns, so its top result (Win64) contradicts the PE header, which says PE32 for i386; trust the header. The low-ranked Delphi match is the more useful hint, since it agrees with the runtime-style imports listed above (SetThreadLocale, GetThreadLocale, EnumCalendarInfoA, RtlUnwind, GlobalFindAtomW) that are typical of Delphi builds.
Tags: peexe, overlay

VirusTotal metadata
First submission: 2019-02-21 01:53:32 UTC
Last submission: 2019-02-21 20:46:04 UTC
File names: csrss.exe (three submissions), d0983a72998e2d0601144055f685c7f8d86b874fa612b9644719b5a7ad1c3cfe.exe, msg.jpg
Both non-hash names are masquerades and are worth keeping as hunting hints. csrss.exe is the name of the Windows Client/Server Runtime Subsystem, which legitimately runs only from %SystemRoot%\System32 and is started by smss.exe, so a csrss.exe anywhere else on disk or with any other parent is an anomaly in itself. msg.jpg puts an image extension on a PE so that the file reads as a picture rather than an executable.
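The following Python is an added example (not from the report) of the hunt an incident responder would run with the indicators above: walk a file system, flag every csrss.exe that sits outside the directory where the real one lives, hash each hit and compare it with the SHA-256 from this report. The expected-directory list, the demo directory tree and the second IOC hash used for the demonstration are constructed assumptions.

```python
import hashlib
import os
import tempfile

# SHA-256 of the sample, from the report above.
IOC_SHA256 = {"d0983a72998e2d0601144055f685c7f8d86b874fa612b9644719b5a7ad1c3cfe"}
# Assumption: the only directory where csrss.exe is expected on a live host.
EXPECTED_DIRS = [r"C:\Windows\System32"]


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hunt(root, name="csrss.exe", expected_dirs=EXPECTED_DIRS, iocs=IOC_SHA256):
    """Walk root and flag files called `name` that sit outside expected_dirs
    or whose SHA-256 is a known indicator. Returns findings sorted by path."""
    expected = {os.path.normcase(os.path.abspath(d)) for d in expected_dirs}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fn)
            reasons = []
            if os.path.normcase(os.path.abspath(dirpath)) not in expected:
                reasons.append("unexpected_location")
            digest = sha256_file(path)
            if digest in iocs:
                reasons.append("known_bad_hash")
            if reasons:
                findings.append({"path": path, "sha256": digest, "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Constructed directory tree standing in for a host: one csrss.exe in
    the expected System32 location and one planted in a user profile, whose
    content is registered as an IOC for this demonstration only."""
    root = tempfile.mkdtemp(prefix="hunt-")
    system32 = os.path.join(root, "Windows", "System32")
    profile = os.path.join(root, "Users", "alice", "AppData", "Roaming")
    os.makedirs(system32)
    os.makedirs(profile)
    with open(os.path.join(system32, "csrss.exe"), "wb") as f:
        f.write(b"MZ-placeholder-for-the-real-csrss")
    planted = b"MZ-placeholder-for-the-dropped-copy"
    with open(os.path.join(profile, "csrss.exe"), "wb") as f:
        f.write(planted)
    iocs = {hashlib.sha256(planted).hexdigest()}
    return hunt(root, expected_dirs=[system32], iocs=iocs)


if __name__ == "__main__":
    for hit in demo():
        print(hit["path"], hit["reasons"])
    # On a real Windows host: hunt(r"C:\")
```

The location check is deliberately independent of the hash check: a recompiled or repacked copy will not match the SHA-256 from this report, but it still has to live somewhere, and csrss.exe under a user profile is suspicious regardless of its hash.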
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or injected code into.
HTTP requests
DNS requests
TCP connections
UDP communications