csrss.exe

This is a setup program used to install the application. The file has been observed being downloaded from goodbe.co and multiple other hosts.
MD5: 00aa440f85f8b71da6e8e2cefccc5e7b
SHA-1: 4a05d139cc09b8b50fc909686660050a508a4c4a
SHA-256: 37d8a892684803deaf87581cb9b1678ef64379a407a19172478e7025fbb22748

Scanner detections: 2 / 68
Status: Inconclusive (not enough data for an accurate detection)
Analysis date: 11/15/2024 11:34:38 PM UTC

Scan engine | Detection | Engine version
Bkav FE | HW64.packed | 1.3.0.7744
ESET NOD32 | Win64/BitCoinMiner.AF potentially unsafe application | 6.3.12010.0

File size: 1.2 MB (1,308,672 bytes)
File type: Executable application (Win64 EXE)
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\csrss.exe

File PE Metadata
Compilation timestamp: 3/20/2016 2:44:29 AM
OS version: 6.0
OS bitness: Win64
Subsystem: Windows Console
Linker version: 12.0
CTPH (ssdeep): 24576:eoAPZY7KhziAFLKX3QRUN0p90aBVgxr2002Zp9Lg8qK0uG9echd2cb:eJTziABIgW0AR2AD9rqFuGtj2
Entry address: 0x362CA0

Entry point:
53, 56, 57, 55, 48, 8D, 35, 55, 13, EC, FF, 48, 8D, BE, 00, D0, DD, FF, 57, 31, DB, 31, C9, 48, 83, CD, FF, E8, 50, 00, 00, 00, 01, DB, 74, 02, F3, C3, 8B, 1E, 48, 83, EE, FC, 11, DB, 8A, 16, F3, C3, 48, 8D, 04, 2F, 83, F9, 05, 8A, 10, 76, 21, 48, 83, FD, FC, 77, 1B, 83, E9, 04, 8B, 10, 48, 83, C0, 04, 83, E9, 04, 89, 17, 48, 8D, 7F, 04, 73, EF, 83, C1, 04, 8A, 10, 74, 10, 48, FF, C0, 88, 17, 83, E9, 01, 8A, 10, 48, 8D, 7F, 01, 75, F0, F3, C3, FC, 41, 5B, EB, 08, 48, FF, C6, 88, 17, 48, FF, C7, 8A, 16, 01...
 
Code size: 1.2 MB (1,306,624 bytes)

The file csrss.exe has been seen being distributed by the following 3 URLs.
