csrss[.]exe[.]7z

General

Target

csrss.exe.7z
Size

22KB
MD5

27bdf5778b160afb6ef7369eff8b704e
SHA1

6310f1437f28d6f8b3bcf93fc1ad8e578628396d
SHA256

4368e594f35a212fa9d375622671c8e6fbd026551647ae22d1bc8c2d65ae7a48
SHA512

35821831f912150f1b235308d30e5f7f236972fd78638b0203c9db89c97b6396453c822e8b92d00924b5fecf1bd46267e8cb3fc339eb6acb13ad83292ccae246
SSDEEP

384:PeX62US2ktnvAg5jrHkHqYWHN5inNi12xn0nFyH29pYL4tUyhdp4FspPMHCSr0Mt:2K81HgjQN0NTn0nkL4tUyEcPEz+aj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/csrss.exe

Files

csrss.exe.7z
.7z

Password: infected
csrss.exe
.exe windows x86

Password: infected

fb691caab6941b1a672a2276ba2100ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaForEachCollObj
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarTstLt
_CIsin
ord709
ord632
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
ord616
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord619
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fb691caab6941b1a672a2276ba2100ec

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 144KB - Virtual size: 141KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 104KB

.text
Size: 144KB - Virtual size: 141KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 104KB