home

csrss.exe

Daniel Monteiro

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘KernelSys32M’.
Publisher:
Daniel Monteiro  (signed and verified)

MD5:
58670eb782d2283266635b42d12d9334

SHA-1:
2f1798b805c4154dc9653f028ac1e61733015533

SHA-256:
bcf90ca339113684d8bc8e4212fb8e8735b17e7aaec43540c71f036c5735dc34

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/25/2024 8:22:16 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/LogicielsEspions.C potentially unsafe application
6.3.12010.0

F-Secure
Variant.Symmi.56603
5.15.154

File size:
1.7 MB (1,758,896 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
Daniel Monteiro

Authority:
COMODO CA Limited

Valid from:
2/11/2014 1:00:00 AM

Valid to:
2/12/2016 12:59:59 AM

Subject:
CN=Daniel Monteiro, O=Daniel Monteiro, STREET="Rua Dois,601 Costa Nova", L=Caraguatatuba, S=SP, PostalCode=11678-122, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DFF6D1C08352FE36A9B12F50EC41A883

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:CjfAHefDW6ii2FXTIQCyoyQ3jpCn/eUMStTuwJLb:CjfAHaS7ie4yy1Cn/eUVt/JLb

Entry address:
0xE51A8

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 4D, 4E, 00, E8, 28, 1E, F2, FF, A1, DC, ED, 4E, 00, 8B, 00, E8, 64, B4, F7, FF, 8B, 0D, 14, EF, 4E, 00, A1, DC, ED, 4E, 00, 8B, 00, 8B, 15, 4C, D3, 4D, 00, E8, 64, B4, F7, FF, 8B, 0D, 58, EF, 4E, 00, A1, DC, ED, 4E, 00, 8B, 00, 8B, 15, 5C, 72, 4D, 00, E8, 4C, B4, F7, FF, A1, DC, ED, 4E, 00, 8B, 00, E8, C0, B4, F7, FF, E8, 2F, F5, F1, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
913 KB (934,912 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KernelSys32M

Command:
C:\msc\sp\csrss.exe rke


Scan csrss.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.