Mal-ecule
O(Er)Md₂(Bi₂Si)
Found in 1 archive
Objectives
notable severity, 85% confident.
evasion/masquerade
PE stem disagrees with embedded PDB stem
baseline severity, 100% confident.
evasion/masquerade/brand
backup internal name
Micro-behaviors
baseline severity, 95% confident.
data/embedded
DigiCert timestamp certificate chain
baseline severity, 90% confident.
fs/temp
py2exe embedded Python DLL reference
baseline severity, 90% confident.
mem/c-runtime
Memory fill operation
baseline severity, 90% confident.
mem/sync
Initialize thread-safe list header
Metadata
notable severity, 100% confident.
binary
PE binary has trailing overlay data
notable severity, 100% confident.
signed
Signed by Python Software Foundation
baseline severity, 90% confident.
binary/section
PE .reloc section presence
baseline severity, 100% confident.
build
Depends on Common-Controls v6
baseline severity, 95% confident.
dylib::api-ms-win-crt-heap-l1-1-0
links api-ms-win-crt-heap-l1-1-0 (set_new_mode)
baseline severity, 95% confident.
dylib::api-ms-win-crt-locale-l1-1-0
links api-ms-win-crt-locale-l1-1-0 (configthreadlocale)
baseline severity, 95% confident.
dylib::api-ms-win-crt-math-l1-1-0
links api-ms-win-crt-math-l1-1-0 (setusermatherr)
baseline severity, 95% confident.
dylib::api-ms-win-crt-runtime-l1-1-0
links api-ms-win-crt-runtime-l1-1-0 (initialize_onexit_table, register_onexit_function, cexit, terminate, get_initial_wide_environment, ... +13 more)
baseline severity, 95% confident.
dylib::api-ms-win-crt-stdio-l1-1-0
links api-ms-win-crt-stdio-l1-1-0 (p__commode, set_fmode)
baseline severity, 95% confident.
dylib::kernel32
links kernel32 (IsDebuggerPresent, GetModuleHandleW, GetCurrentProcessId, QueryPerformanceCounter, IsProcessorFeaturePresent, ... +10 more)
baseline severity, 95% confident.
dylib::python310
links python310 (Py_Main)
baseline severity, 95% confident.
dylib::vcruntime140
links vcruntime140 (current_exception, current_exception_context, memset, C_specific_handler)
baseline severity, 100% confident.
hardening
High-entropy ASLR (64-bit)
baseline severity, 95% confident.
lang/compiler
Python runtime DLL import
20 of 45 traits shown
Identity
| SHA-256 | 94a83686261e9364cf3386b61a01a9f70936e8547da8962d16f1f850226b8954 |
|---|---|
| Filename | csshost.exe |
Origin
| Source | harvest |
|---|---|
Timeline
| First seen | 31 May 2026 04:18 UTC |
|---|---|
| First analyzed | 31 May 2026 04:16 UTC |
| Last analyzed | 31 May 2026 04:16 UTC |
| Last updated | 31 May 2026 04:18 UTC |
Labeling
| Label | bad |
|---|---|
| Label source | harvest |