SHA256: fb0ae9197d638fbaaa58426b07044f244346d8963b4ca5395b4fa28746a0ef56
File name: sserv.jpg
Detection ratio: 18 / 70
Analysis date: 2018-12-22 10:59:09 UTC ( 3 months ago )
Antivirus Result Update
Acronis malware 20180726
Avast FileRepMalware 20181222
AVG FileRepMalware 20181222
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181222
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.DHG 20181222
Fortinet W32/Kryptik.GJCI!tr 20181222
Ikarus Trojan-Ransom.Crypted007 20181221
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181222
Microsoft Ransom:Win32/Troldesh.A 20181222
Palo Alto Networks (Known Signatures) generic.ml 20181222
Qihoo-360 HEUR/QVM20.1.08AD.Malware.Gen 20181222
Rising Malware.Heuristic!ET#82% (RDM+:cmRtazprHFx6B16hGnrNvugG1tv8) 20181222
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181222
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181222
AegisLab 20181222
AhnLab-V3 20181221
Alibaba 20180921
ALYac 20181222
Antiy-AVL 20181222
Arcabit 20181222
Avast-Mobile 20181222
Avira (no cloud) 20181222
Babable 20180918
Baidu 20181207
BitDefender 20181222
Bkav 20181221
CAT-QuickHeal 20181221
ClamAV 20181222
CMC 20181221
Comodo 20181222
Cybereason 20180225
Cyren 20181222
DrWeb 20181222
eGambit 20181222
Emsisoft 20181222
F-Prot 20181222
GData 20181222
Jiangmin 20181222
K7AntiVirus 20181222
K7GW 20181222
Kingsoft 20181222
Malwarebytes 20181222
MAX 20181222
McAfee 20181222
McAfee-GW-Edition 20181222
eScan 20181222
NANO-Antivirus 20181222
Panda 20181222
Sophos AV 20181222
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181222
Tencent 20181222
TheHacker 20181220
TotalDefense 20181222
TrendMicro 20181222
TrendMicro-HouseCall 20181222
Trustlook 20181222
VBA32 20181221
VIPRE 20181221
ViRobot 20181222
Webroot 20181222
Yandex 20181221
Zillya 20181219
ZoneAlarm by Check Point 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2016

Original name 360realpro.exe
Internal name 360realpro.exe
File version 8,8,0,1000
Signature verification The digital signature of the object did not verify.
Signing date 5:57 PM 3/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-22 08:22:37
Entry Point 0x00001CF0
Number of sections 4
PE sections
Overlays
MD5 1de391aacd145ac81acc92d97832e0c3
File type data
Offset 1521152
Size 3336
Entropy 7.34
PE imports
Number of PE resources by type
RT_ICON 17
RT_RCDATA 2
RT_GROUP_ICON 2
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 8.8.0.1000
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1511936
EntryPoint 0x1cf0
OriginalFileName 360realpro.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016
FileVersion 8,8,0,1000
TimeStamp 2018:12:22 09:22:37+01:00
FileType Win32 EXE
PEType PE32
InternalName 360realpro.exe
ProductVersion 8,8,0,1000
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8704
FileSubtype 0
ProductVersionNumber 8.8.0.1000
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1f8253d25439ff26273733a7c4959547
SHA1 eb095eb2fcdf05095df98cd5130b3d6af72480e1
SHA256 fb0ae9197d638fbaaa58426b07044f244346d8963b4ca5395b4fa28746a0ef56
ssdeep 12288:oSAdGr3TGpnASdmaBjVIA5d5RQ410xF/3a3likkUfQm8iOvWUJdlMuVqQ2xWV0e4:HxrTSzBjVIA5y44slKUINeqdJ2MWVpX

authentihash 23e51be7c91fb842ec62ccd69c9f5647e158bfd435988ee5ada375bf3af15986
imphash 0185e3f7825a5afd929f6f57048652b9
File size 1.5 MB ( 1524488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (50.8%)
Windows screen saver (21.3%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-12-22 10:59:09 UTC ( 3 months ago )
Last submission 2018-12-22 14:32:56 UTC ( 3 months ago )
File names 360realpro.exe
output.114770246.txt
csrss.exe
sserv.jpg
csrss.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections