Analysis Report csrss.exe
Overview
General Information
Detection
Glupteba
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Glupteba
Found Tor onion address
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Checks if the current process is being debugged
May use bcdedit to modify the Windows boot settings
One or more processes crash
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Classification
Malware Configuration |
---|
No configs have been found |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Yara detected Glupteba |
Source: | File source: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Bitcoin Miner: |
---|
Yara detected Glupteba |
Source: | File source: |
Source: | Static PE information: |
Networking: |
---|
Found Tor onion address |
Source: | String found in binary or memory: |