Field | Value |
---|---|
Created | 2022.01.19 14:04 |
Machine | s1_win7_x6401 |
Filename | .csrss.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 24 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, sqW@aSgc7sje, Kryptik, Eldorado, Attribute, HighConfidence, Convagent, A + Mal, Sabsik, 1RR0I6, score, BScope, ET#88%, RDMK, cmRtazqAjLLphBu3VOKQgq8DpSgd, Static AI, Suspicious PE, GenKryptik, ERHN, confidence, 100%) |
md5 | fb21dbd40d32aad4ee6d1ddbc35a84ba |
sha256 | 4b9031dcd9d84f5784d0bbafdfb7a4a25c1c3251fb9523bd0f4101cb045b6b41 |
ssdeep | 3072:IcugwheSZP8qXJW1BefESYyA6DRjU43xBi/154unyfVggjcGkNIVqI:IFgwjZPvJW1BexNAKRjz3xAf5E7ITsq |
imphash | 83f26d2c85df5b461fefefa1db9ec0a1 |
impfuzzy | 24:ORbG2S19kckrAkrkRofIWtDZTFrWD6x42LOovEG/5l2cfwCeJ36yvuplOFQ8OT4E:91m3PfIc/H6VG/OcfMjKrcB2 |
Signature (3cnts)
Level | Description |
---|---|
warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
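The three info rules (PE_Header_Zero, IsPE32, OS_Processor_Check_Zero) and the UPX_Zero watch rule are all static header checks. The block below is an added example, not the sandbox's own rule code: it parses a PE32 header and section table with pure Python and applies the same checks, plus a section-shape heuristic that catches UPX-style stubs even when the section names have been renamed. The input is a constructed minimal PE with UPX-like sections built inline; the sample's bytes are not on this page, so nothing here reproduces them. The rule names and the `build_sample_pe`, `parse_pe` and `static_rules` helpers are this example's own.

```python
import struct

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Read e_lfanew, the PE signature, the COFF header, the optional-header
    magic and subsystem, and the section table of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine, n_sections, _stamp, _symtab, _n_syms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Subsystem is at offset 68 of the optional header for both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    sections, sec_off = [], opt_off + opt_size
    for i in range(n_sections):
        (name, vsize, vaddr, raw_size, raw_ptr, _r, _l, _nr, _nl,
         chars) = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "raw_pointer": raw_ptr,
                         "characteristics": chars})
    return {"machine": machine, "magic": magic, "subsystem": subsystem,
            "sections": sections}


def static_rules(pe: dict) -> dict:
    """Re-implement the header rules from the table above plus a heuristic for
    packer stubs: a section with no bytes on disk, a large virtual size and
    write+execute permissions is the unpacking destination (UPX0 in UPX)."""
    names = [s["name"] for s in pe["sections"]]
    wx_empty = [s["name"] for s in pe["sections"]
                if s["raw_size"] == 0 and s["virtual_size"] > 0
                and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE
                and s["characteristics"] & IMAGE_SCN_MEM_WRITE]
    return {
        "PE_Header": True,  # parse_pe would have raised otherwise
        "IsPE32": pe["magic"] == PE32_MAGIC,
        "OS_Processor_Check": pe["machine"] == IMAGE_FILE_MACHINE_I386,
        "subsystem": SUBSYSTEM_NAMES.get(pe["subsystem"], hex(pe["subsystem"])),
        "UPX_section_names": any(n.upper().startswith("UPX") for n in names),
        "writable_exec_empty_sections": wx_empty,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with UPX-style sections. These are NOT the
    bytes of the sample analysed above; they only exercise the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                 # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI

    def section(name, vsize, vaddr, raw_size, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size,
                           raw_ptr, 0, 0, 0, 0, chars)

    sections = (section(b"UPX0", 0x1F000, 0x1000, 0, 0x400, 0xE0000080)
                + section(b"UPX1", 0x9000, 0x20000, 0x8A00, 0x400, 0xE0000040)
                + section(b".rsrc", 0x1000, 0x29000, 0x400, 0x8E00, 0xC0000040))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(static_rules(parse_pe(build_sample_pe())))
```

A hit on `UPX_section_names` does not guarantee that `upx -d` will restore the original: crypters routinely ship modified UPX stubs whose headers are broken on purpose, which is also why the dynamic "allocates read-write-execute memory" notice above is the more reliable signal that a second stage is unpacked at run time.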
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x414008 SetFilePointer
0x41400c SetComputerNameExA
0x414010 VirtualQuery
0x414014 GetDefaultCommConfigW
0x414018 FindResourceExW
0x41401c InterlockedIncrement
0x414020 ReadConsoleA
0x414024 GetConsoleAliasA
0x414028 SleepEx
0x41402c GetConsoleAliasesA
0x414030 GetConsoleAliasesLengthA
0x414034 GlobalAlloc
0x414038 AssignProcessToJobObject
0x41403c GetFileAttributesA
0x414040 DnsHostnameToComputerNameW
0x414044 GetTimeFormatW
0x414048 GetAtomNameW
0x41404c EnumSystemLocalesA
0x414050 GetStdHandle
0x414054 GetProcAddress
0x414058 GetLongPathNameA
0x41405c VirtualAlloc
0x414060 UnhandledExceptionFilter
0x414064 GetModuleFileNameA
0x414068 SetConsoleTitleW
0x41406c GetModuleHandleA
0x414070 SetLocaleInfoW
0x414074 GetStringTypeW
0x414078 GetConsoleTitleW
0x41407c WriteProfileStringW
0x414080 GetFileTime
0x414084 GetVersionExA
0x414088 ReadConsoleInputW
0x41408c CreateThread
0x414090 GetOverlappedResult
0x414094 GetComputerNameA
0x414098 HeapAlloc
0x41409c MultiByteToWideChar
0x4140a0 GetModuleHandleW
0x4140a4 Sleep
0x4140a8 ExitProcess
0x4140ac GetCommandLineA
0x4140b0 GetStartupInfoA
0x4140b4 RaiseException
0x4140b8 RtlUnwind
0x4140bc TerminateProcess
0x4140c0 GetCurrentProcess
0x4140c4 SetUnhandledExceptionFilter
0x4140c8 IsDebuggerPresent
0x4140cc GetLastError
0x4140d0 HeapFree
0x4140d4 DeleteCriticalSection
0x4140d8 LeaveCriticalSection
0x4140dc EnterCriticalSection
0x4140e0 VirtualFree
0x4140e4 HeapReAlloc
0x4140e8 HeapCreate
0x4140ec WriteFile
0x4140f0 GetCPInfo
0x4140f4 InterlockedDecrement
0x4140f8 GetACP
0x4140fc GetOEMCP
0x414100 IsValidCodePage
0x414104 TlsGetValue
0x414108 TlsAlloc
0x41410c TlsSetValue
0x414110 TlsFree
0x414114 SetLastError
0x414118 GetCurrentThreadId
0x41411c SetHandleCount
0x414120 GetFileType
0x414124 CloseHandle
0x414128 LoadLibraryA
0x41412c InitializeCriticalSectionAndSpinCount
0x414130 FreeEnvironmentStringsA
0x414134 GetEnvironmentStrings
0x414138 FreeEnvironmentStringsW
0x41413c WideCharToMultiByte
0x414140 GetEnvironmentStringsW
0x414144 QueryPerformanceCounter
0x414148 GetTickCount
0x41414c GetCurrentProcessId
0x414150 GetSystemTimeAsFileTime
0x414154 LCMapStringA
0x414158 LCMapStringW
0x41415c GetStringTypeA
0x414160 GetLocaleInfoA
0x414164 CreateFileA
0x414168 ReadFile
0x41416c SetStdHandle
0x414170 GetConsoleCP
0x414174 GetConsoleMode
0x414178 FlushFileBuffers
0x41417c HeapSize
0x414180 SetEndOfFile
0x414184 GetProcessHeap
0x414188 WriteConsoleA
0x41418c GetConsoleOutputCP
0x414190 WriteConsoleW
ADVAPI32.dll
0x414000 ReportEventA
EAT(Export Address Table) is none
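The import table above is what the imphash and the "allocates read-write-execute memory" notice rest on. The block below is an added example, not part of the sandbox report: it parses an IAT listing in the page's own format, tags each import with a coarse capability (the `CAPABILITIES` map is this example's assumption, not a standard taxonomy), and rebuilds the pefile-style imphash string so the reported hash can be reproduced from a known-ordered import table. The embedded listing is a constructed excerpt of the table above, kept in the page's order. One caveat a practitioner should keep in mind: pefile walks the import descriptor table, so an imphash computed from a listing only matches the reported value when the listing preserves that order, and a crypter-built stub often pads its table with decoy APIs (the console-alias and locale functions here sit oddly beside a CRT-style block), so treat the IAT as weak evidence until the sample is unpacked.

```python
import hashlib
import re
from collections import defaultdict

# Constructed excerpt of the IAT listing above, in the page's order
# (library line, then "address name" lines). The full table is on the page.
IAT_LISTING = """\
KERNEL32.dll
0x414008 SetFilePointer
0x41400c SetComputerNameExA
0x414010 VirtualQuery
0x414024 GetConsoleAliasA
0x414038 AssignProcessToJobObject
0x414054 GetProcAddress
0x41405c VirtualAlloc
0x414084 GetVersionExA
0x41408c CreateThread
0x414094 GetComputerNameA
0x4140a4 Sleep
0x4140bc TerminateProcess
0x4140c8 IsDebuggerPresent
0x4140ec WriteFile
0x414128 LoadLibraryA
0x414164 CreateFileA
ADVAPI32.dll
0x414000 ReportEventA
"""

# Capability map for triage: an assumption of this example, extend as needed.
CAPABILITIES = {
    "dynamic API resolution / unpacking": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress",
                                           "VirtualAlloc", "VirtualProtect", "VirtualFree", "VirtualQuery"},
    "anti-debugging": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "host reconnaissance": {"GetComputerNameA", "GetComputerNameW", "GetVersionExA", "GetVersionExW"},
    "process / thread control": {"CreateThread", "CreateRemoteThread", "TerminateProcess",
                                 "AssignProcessToJobObject"},
    "file I/O": {"CreateFileA", "CreateFileW", "ReadFile", "WriteFile", "SetFilePointer", "SetEndOfFile"},
    "event log writing": {"ReportEventA", "ReportEventW"},
    "delay / timing": {"Sleep", "SleepEx", "GetTickCount"},
}

IMPORT_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")


def parse_iat_listing(text):
    """Return [(library, function), ...] in listing order."""
    imports, library = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = IMPORT_RE.match(line)
        if match is None:            # a library header such as KERNEL32.dll
            library = line
        elif library is None:
            raise ValueError(f"import before any library header: {line}")
        else:
            imports.append((library, match.group(1)))
    return imports


def imphash_string(imports):
    """The string pefile hashes: 'lib.func' per import, lower-cased, with
    .dll/.ocx/.sys stripped, comma-joined. Ordinal imports (pefile renders
    them as ordN) are not handled because this listing has none."""
    parts = []
    for library, function in imports:
        name = library.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[:-len(ext)]
                break
        parts.append(f"{name}.{function.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(); order-sensitive, so it only matches a reported
    imphash when the import order is the import-descriptor order."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def triage(text):
    imports = parse_iat_listing(text)
    tags, uncategorized = defaultdict(list), []
    for _library, function in imports:
        hits = [tag for tag, names in CAPABILITIES.items() if function in names]
        for tag in hits:
            tags[tag].append(function)
        if not hits:
            uncategorized.append(function)
    unpack = set(tags.get("dynamic API resolution / unpacking", []))
    return {
        "import_count": len(imports),
        "libraries": sorted({library for library, _ in imports}),
        "tags": dict(tags),
        "uncategorized": uncategorized,
        # VirtualAlloc + GetProcAddress is the minimum an unpacking stub needs;
        # it pairs with the sandbox's RWX-memory notice above.
        "unpacker_like": {"VirtualAlloc", "GetProcAddress"} <= unpack,
        "imphash": imphash(imports),
    }


if __name__ == "__main__":
    for key, value in triage(IAT_LISTING).items():
        print(f"{key}: {value}")
```

Run the imphash against a pefile dump of the file itself before comparing it with the value in the header table; if the numbers differ, check the import order first rather than assuming the listing is wrong.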