home

csess.exe

The executable csess.exe has been detected as malware by 2 anti-virus scanners. While running, it connects to the Internet address 108.61.223.150.vultr.com on port 80 using the HTTP protocol.
MD5:
d10ae4ae0036d2b81ee8f1ecf1b6fabe

SHA-1:
545448f38e5211735b9307cff78c43704fa81fe4

SHA-256:
33a35e0232596558a84bd682c9075281364fc03f6e94682ebaf2110a24ed49c9

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/24/2024 1:45:44 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Mishigy.AA trojan
6.3.12010.0

Kaspersky
Trojan-Dropper.Win32.Daws
15.0.2.529

File size:
182 KB (186,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ifile\guard\csess.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x2813C

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, 74, 80, 42, 00, E8, 5E, DF, FD, FF, 33, C0, 55, 68, EF, 81, 42, 00, 64, FF, 30, 64, 89, 20, E8, B7, A8, FD, FF, B8, 58, BA, 42, 00, BA, 04, 82, 42, 00, E8, 70, C2, FD, FF, B8, 5C, BA, 42, 00, BA, AC, 82, 42, 00, E8, 61, C2, FD, FF, BA, 70, BA, 42, 00, 33, C0, E8, 2D, A8, FD, FF, 8D, 55, EC, 66, B8, 24, 00, E8, 1D, C5, FF, FF, 8B, 55, EC, B8, 74, BA, 42, 00, E8, 3C, C2, FD, FF, 33, C9, B2, 01, A1, F0, 1D, 42, 00, E8, 9A, B1, FE, FF, E8, FD, B4, FE, FF, 33...
 
[+]

Entropy:
6.5383

Developed / compiled with:
Microsoft Visual C++

Code size:
157 KB (160,768 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (222.255.38.174:80)

TCP (HTTP):
Connects to mail.dnsc.com.vn  (103.48.80.230:80)

TCP (HTTP):
Connects to 108.61.223.150.vultr.com  (108.61.223.150:80)

TCP (HTTP):
Connects to ip-104-238-93-58.ip.secureserver.net  (104.238.93.58:80)

TCP (HTTP):
Connects to 45.76.149.205.vultr.com  (45.76.149.205:80)

Remove csess.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.