Resubmissions
08-10-2022 18:09
221008-wrmgtsfcek 8
Static task
static1
General
-
Target
csrss.exe
-
Size
31.9MB
-
MD5
9ef9fd18ec48dd834c71999aa5fad791
-
SHA1
44f15c9408277546451f4efcf1ea0b86ddc03fa4
-
SHA256
b2bb4db1daed3f7b4a55f7dbb35eb9941496cbc35ea03abf95fc0c3187d5bc0d
-
SHA512
387b5bf8947ddfe6cc71d0956e693f6f062cf2029b0be7762599f844b13f40d60ef01daac91fef3ea310f395027ac82d923a057df9ad4dd40a650de89c15f844
-
SSDEEP
786432:l/e3pzMcwFWYHAqOsHEsduGKL6v8JBKAtiNi4Qf6/nBAOo:lawcw8YgqOsHEsEGe5JJtiQfZ
Malware Config
Signatures
Files
-
csrss.exe.exe windows x86
63611b317ad59de91aebcea6b061ff32
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfW
kernel32
SetEndOfFile
HeapReAlloc
CreateDirectoryW
SetFileTime
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
MultiByteToWideChar
Sleep
LocalFileTimeToFileTime
GetLastError
lstrcatW
DeleteFileW
CloseHandle
CreateProcessW
WideCharToMultiByte
lstrcpyW
DosDateTimeToFileTime
GetFileTime
SizeofResource
WriteFile
LockResource
LoadResource
FindResourceW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
OutputDebugStringW
lstrcmpW
TerminateProcess
K32GetProcessImageFileNameW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetExitCodeProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
SetLastError
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ReadFile
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetConsoleCP
LCMapStringW
FlushFileBuffers
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
WriteConsoleW
HeapSize
DecodePointer
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31.8MB - Virtual size: 31.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ