Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

csrss.exe

Generic Malware PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 24, 2021, 9:14 a.m.	June 24, 2021, 9:42 a.m.

Size	128.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4a97041b159dda7634334d01619fac94`
SHA256	`67e83af6282dac6c860ce6cba06461848fac1841bf7f05feeda727fe722029e9`
CRC32	`690210AF`
ssdeep	`1536:EwbIYEQ7ZbF7hL28c3s3bi9NrAuWhmkOeE7IbuTZ3r0lneQpuO:EwbhEQnh4Ei9NrAVhmMS93wx`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
Paloalto	generic.ml
McAfee-GW-Edition	BehavesLike.Win32.Trojan.ch
FireEye	Generic.mg.4a97041b159dda76
SentinelOne	Static AI - Suspicious PE
Microsoft	Program:Win32/Wacapew.C!ml
McAfee	Artemis!4A97041B159D
BitDefenderTheta	Gen:NN.ZevbaF.34758.im0@aCHb4ili
CrowdStrike	win/malicious_confidence_100% (W)