CSRSS.exe

Процесс исполнения клиент-сервер

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Процесс исполнения клиент-сервер

Version:
6.3.9600.16384

MD5:
bc3297e7aa01e0f0a65c307236f62d1a

SHA-1:
3009266c023ec3da07b992dd060ea63e21fbb800

SHA-256:
8e527ec5f8787f1da2342f70541bd461a0e1ca44ed84290726d4ac4d77925cd9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 11:22:56 PM UTC  (a few moments ago)

File size:
635 KB (650,240 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CSRSS.Exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\csrss.exe

File PE Metadata
Compilation timestamp:
8/9/2015 3:00:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
12288:bPSFBSkdRYnKrpGEgMAH+gttgS/JfY8DDX8FRHEGOo:b6OkdRYnwgMAH+g3gSi8q6o

Entry address:
0x54BC4

Entry point:
48, 83, EC, 28, E8, 43, 05, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 74, A9, 00, 00, FF, 25, A6, A9, 00, 00, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 10, 33, C9, 33, C0, 33, FF, 0F, A2, C7, 05, 5E, FB, 03, 00, 02, 00, 00, 00, C7, 05, 50, FB, 03, 00, 01, 00, 00, 00, 44, 8B, DB, 8B, D9, 44, 8B, C2, 81, F3, 6E, 74, 65, 6C, 44, 8B, CA, 41, 8B, D3, 41, 81, F0, 69, 6E, 65, 49, 81, F2, 47, 65, 6E, 75, 8B, E8, 44, 0B, C3, 8D, 47, 01, 44, 0B, C2, 41, 0F, 94, C2...
 
[+]

Entropy:
6.0715

Code size:
376 KB (385,024 bytes)

The file CSRSS.exe has been seen being distributed by the following URL.

Scan CSRSS.exe - Powered by Reason Core Security