雷神过检测 v1.5(修复部分用户无法与模拟器链接,优化卡顿问题).exe    Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Basic Information
file name:雷神过检测 v1.5(修复部分用户无法与模拟器链接,优化卡顿问题).exe
file type:EXE x86
Submission time:2018-10-11 22:31:45
Threat level:clean
MD5:6290cfd73b34b57959c5152daffb3516
sha256:76be1475f7224a20f776b85cb2ad5de654024f0213eb1729cf0b9257fccc744e
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Abnormal flow detection system:0
Hunting system:0
DGA domain name recognition system:0
Network behavior report
No behavioral characteristics detected
Document release report
file name:csrss1.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:3026944
MD5:e0cf8a754216d9a85fd65b1996df34b6
file name:csrss2.exe
file type:PE32 executable (GUI) Intel 80386, for MS Windows
file size:6725632
MD5:fcbd20926ad266b91e517b5e0f24d095
File process number report
Process details:0
Document behavior signature report
api:__exception__
category:__notification__
type:call
category:file
ioc:C:\Users\vbccsb\AppData\Local\Temp\csrss3.exe
type:ioc
category:file
ioc:C:\Users\vbccsb\AppData\Local\Temp\csrss1.exe
type:ioc
category:file
ioc:C:\Users\vbccsb\AppData\Local\Temp\csrss2.exe
type:ioc
api:FindFirstFileExW
category:file
type:call
api:GetSystemInfo
category:system
type:call
api:SetWindowsHookExA
category:system
type:call
category:0
ioc:0
type:generic
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.rdata
Virtual address:0x0007e000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.data
Virtual address:0x009aa000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.vmp0
Virtual address:0x009d4000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.vmp1
Virtual address:0x00d18000
Physical address:0x00001000
Physical size:0x00ea9000
Section permissions:R-E
Section name:.rsrc
Virtual address:0x01bc1000
Physical address:0x00eaa000
Physical size:0x00005000
Section permissions:R--
PE basic information
import_hash:a160b11eeeb892fae2742b0e3d90e17e
time_stamp:2018-10-10 20:26:15
entry_point_section:.vmp1
image_base:0x400000
entry_point:0x1b55e53
PE resource information
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x01bc120c
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x01bc14f4
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:dBase IV DBT of 200.DBF, blocks size 64, next free block index 40, 1st item \"\034313345377\034313345377\034313345377\034313345370\034313345313\034313345_\034313345\013\034313345\"
sublanguage:SUBLANG_NEUTRAL
offset:0x01bc161c
size:0x00004228
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_NEUTRAL
offset:0x01bc5844
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x01bc5858
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x01bc586c
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x01bc5880
size:0x00000240
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x01bc5ac0
size:0x000001cd
