Static task: static1
Behavioral task: behavioral1
Sample: CRYPSERV.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: CRYPSERV.exe
Resource: win10v2004-20230915-en
General
Target: CRYPSERV.EXE
Size: 51KB
MD5: 85a6662b5f12b84d599a74119f04b381
SHA1: ecef75b5dd607510d81f3917caf8372e5855150d
SHA256: 2ea0bd80560ed8b6e4692336806e6449377ff35ceae4a40729d4c86ad5225229
SHA512: feac7f9142160a825e3ef7ecffaabf9c4381407fb8286770060259d6c514e9e50a129c7926cbecdadca0816bf3acac523a47759e81fb5d43ba14d9f07a791674
SSDEEP: 768:eNv9kEcDqbgxodkUw/ty+JHPHnw5erMUiKRjwrFMXdlyLt92b:eN19cgW6A/tXPHFMF4wedsJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource CRYPSERV.EXE
Files
CRYPSERV.EXE.exe windows x86
e3b8bf3b6722ad43f9f70b47435ee016
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegisterServiceCtrlHandlerA
RegisterEventSourceA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
SetServiceStatus
DeregisterEventSource
ReportEventA
shell32
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListW
kernel32
FindClose
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
lstrlenA
ReadDirectoryChangesW
lstrcatW
lstrcpyW
lstrcpynW
GetQueuedCompletionStatus
CloseHandle
PostQueuedCompletionStatus
WaitForSingleObject
CreateThread
CreateIoCompletionPort
CreateDirectoryW
lstrlenW
CreateFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetLogicalDriveStringsW
InitializeCriticalSection
GetSystemDirectoryA
LocalFree
LocalAlloc
CreateEventA
SetErrorMode
SetPriorityClass
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
SetEvent
SetFileAttributesA
Sleep
DeviceIoControl
GetTickCount
GetLastError
CreateFileA
GetDriveTypeA
GetVolumeInformationA
GetWindowsDirectoryA
GetTempPathA
GetPrivateProfileStringA
GetOEMCP
FindNextFileA
FindFirstFileA
DeleteFileA
GetStringTypeA
GetFileType
RtlUnwind
MoveFileA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapFree
WriteFile
ReadFile
SetFilePointer
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
VirtualAlloc
SetHandleCount
SetStdHandle
GetStdHandle
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetEndOfFile
HeapReAlloc
FlushFileBuffers
GetProcAddress
LoadLibraryA
LCMapStringA
HeapSize
GetFileAttributesA
LCMapStringW
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ