popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

csrss.exe

Malicious Library Antivirus UPX Malicious Packer PE64 PE File OS Processor Check
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 2, 2024, 7:42 a.m. July 2, 2024, 7:51 a.m.
Size 2.5MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a273d142217177ab8013d6ebeafbc22f
SHA256 3cb485a769f6e92536f586f2873bd6a4d8fb5b106773ac0a16a534ef351c0bf1
CRC32 0E20A74E
ssdeep 49152:zF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUYeaw1GxNOmUTREvS:nroA7PFdUC
PDB Path pÔÒ¦¼Åý¼f¿ZFéu}Ó(Ó0lÒi ÑÌ|,5šóÄ[Êé챏>{ñfâÁ5åjw:´¶MÛ×/'‚3|Fꙇ„BÛϲn
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
pdb_path pÔÒ¦¼Åý¼f¿ZFéu}Ó(Ó0lÒi ÑÌ|,5šóÄ[Êé챏>{ñfâÁ5åjw:´¶MÛ×/'‚3|Fꙇ„BÛϲn
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .managed
section hydrated
resource name BINARY
section {u'size_of_data': u'0x00079400', u'virtual_address': u'0x00264000', u'entropy': 7.999407214791069, u'name': u'.rsrc', u'virtual_size': u'0x000792f0'} entropy 7.99940721479 description A section with a high entropy has been found