csrss.exe

Daniel Monteiro

The application csrss.exe by Daniel Monteiro has been detected as a potentially unwanted program by 5 anti-malware scanners. It is configured to execute automatically whenever a user logs into Windows, via a Run registry entry named 'KernelSys32M'.
Publisher:
Daniel Monteiro (signed and verified)

MD5:
dcaa0aee6f6d22f8db427d6f1f294aa4

SHA-1:
1357aaa9c0c102b46c6581e056918dc49bc1ff7e

SHA-256:
96db2ae96a3fcaa1ed8ca1841f0ad934f0ecd3de12619282a2d4ed54b9237713

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 1:24:07 AM UTC

Scan engine               Detection                                              Engine version
ESET NOD32                Win32/LogicielsEspions.C potentially unsafe (variant)  10.11584
Fortinet FortiGate        W32/LogicielsEspions.C                                 8/26/2016
K7 AntiVirus              Unwanted-Program                                       13.203.15820
Sophos                    Mal/Behav-053                                          4.98
Trend Micro House Call    Suspicious_GEN.F47V0406                                7.2.239

File size:
1.6 MB (1,704,672 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2013 1:00:00 AM

Valid to:
2/26/2014 12:59:59 AM

Subject:
CN=Daniel Monteiro, O=Daniel Monteiro, STREET="Condominio Costa Nova. Rua Dois, 601", L=Caraguatatuba, S=SP, PostalCode=11677-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00899BB4D3DAE16CC66EF4EB9C6BBF803E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:jiWuImTZW5AIJDGUVyWo7sv1IMCrnCAfT2MQ7ihplHWJ92nNp31JDrlVitR:jEWkrWo7mCGITXceC92f1JDK

Entry address:
0xDD3A8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, CF, 4D, 00, E8, 5C, 9C, F2, FF, A1, 3C, 6D, 4E, 00, 8B, 00, E8, 6C, 34, F8, FF, 8B, 0D, 78, 6E, 4E, 00, A1, 3C, 6D, 4E, 00, 8B, 00, 8B, 15, 0C, 54, 4D, 00, E8, 6C, 34, F8, FF, 8B, 0D, B8, 6E, 4E, 00, A1, 3C, 6D, 4E, 00, 8B, 00, 8B, 15, 9C, F2, 4C, 00, E8, 54, 34, F8, FF, A1, 3C, 6D, 4E, 00, 8B, 00, E8, C8, 34, F8, FF, E8, 2F, 73, F2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.3951

Developed / compiled with:
Microsoft Visual C++

Code size:
881.5 KB (902,656 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KernelSys32M

Command:
C:\msc\sp\csrss.exe rke
