csrss[.]exe | Triage

Sharing

General

Target

csrss.exe
Size

127KB
MD5

1ad665334adfaf19e853ac90fd7a004b
SHA1

b4bfda59a1a66bb117544a6407bb4ab262cab563
SHA256

763f6b72f4a2661bcd54df6fdfd7a6b12885781a9dd73a2eede466d495ef0986
SHA512

a2020536d30cca90127c0c43ba60b1616eefdfea7e6c9ab8d06768e0c412bbc28566aa43aff76c4fb7dc6677a8dc8830223b89aeb97239f8bd16efe5bebb80d8
SSDEEP

1536:7985mcHIqfypX78ZJuuPHbYwEm+5lHtaRWO1NZEjgWQeN+KnkGi:h85mcH9fi8ZJ/DYwiaZaRvnli

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
csrss.exe

Files

csrss.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

DAM
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�uۊ��
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE