Summary | ZeroBOX

csrss.exe

UPX, Malicious Library, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 27, 2021, 10:23 a.m.
Completed Oct. 27, 2021, 10:25 a.m.
Size 236.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 24c4b3e55ca7f7cbd70f48c1f3ea3448
SHA256 a000b23522b61426cc40661c7a0d46b2e897d95c010f9496bbcd848576d64dc2
CRC32 1FB15404
ssdeep 3072:OCqElZKrjWIqMY6NHB7kHq/ZWzL/2vIu31kPcjPzzuVMO6P2+BwvHJ3/R1:zqsKrjWjM7BkSgzL/MF1bzynVP
PDB Path C:\dadomorodod xinavuya11\milokarinomiz18\c.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
162.159.129.233 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\dadomorodod xinavuya11\milokarinomiz18\c.pdb
section .powi
resource name AFX_DIALOG_LAYOUT
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 1016
region_size: 61440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00340000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0

NtAllocateVirtualMemory

process_identifier: 1016
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00350000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
section .text (size_of_data 0x0001c600, virtual_address 0x00001000, virtual_size 0x0001c405, entropy 7.600020737248446) description A section with a high entropy has been found
entropy 0.482978723404 description Overall entropy of this PE file is high
host 162.159.129.233
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.24c4b3e55ca7f7cb
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056d16b1 )
K7GW Trojan ( 0056d16b1 )
Cybereason malicious.6d9a09
BitDefenderTheta Gen:NN.ZexaF.34236.ou0@aaz4NpbG
Cyren W32/Kryptik.FOQ.gen!Eldorado
Symantec Packed.Generic.528
ESET-NOD32 a variant of Win32/GenKryptik.FMOR
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Sophos ML/PE-A + Troj/Krypt-BO
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
SentinelOne Static AI - Malicious PE
Microsoft Trojan:Win32/Pwsteal.Q!bit
Cynet Malicious (score: 100)
Acronis suspicious
VBA32 BScope.Backdoor.Mokes
Malwarebytes MachineLearning/Anomalous.95%
Rising Malware.Heuristic!ET#93% (RDMK:cmRtazr+UIEi6IzIAdyGKhMFecAm)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.FOQ!tr
CrowdStrike win/malicious_confidence_100% (W)