home

CSRSS.exe

Процесс исполнения клиент-сервер

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from lp4.bongacams24.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Процесс исполнения клиент-сервер

Version:
6.3.9600.16384

MD5:
24efa019d8a3dbfdb86701c086ec09f6

SHA-1:
4f11e0d1cf2f1841920ca5089de2c5f408072d9d

SHA-256:
369ff56aeb4527e776a7e77732ff827bcc0235488102d0e504bc61ccfb32b168

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 11:32:10 PM UTC  (a few moments ago)

File size:
1.5 MB (1,553,920 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CSRSS.Exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\csrss.exe

File PE Metadata
Compilation timestamp:
2/2/2016 1:57:48 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
12288:aqT9QCrVt0onICB2Jwpy0jPiFg/JfY6v0GXG7D7vrV/o:JT9QCrDJB2Jwpy0jiFgi68Gw

Entry address:
0x5B1E4

Entry point:
48, 83, EC, 28, E8, 43, 05, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 14, C4, 00, 00, FF, 25, 46, C4, 00, 00, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 10, 33, C9, 33, C0, 33, FF, 0F, A2, C7, 05, EE, 45, 04, 00, 02, 00, 00, 00, C7, 05, E0, 45, 04, 00, 01, 00, 00, 00, 44, 8B, DB, 8B, D9, 44, 8B, C2, 81, F3, 6E, 74, 65, 6C, 44, 8B, CA, 41, 8B, D3, 41, 81, F0, 69, 6E, 65, 49, 81, F2, 47, 65, 6E, 75, 8B, E8, 44, 0B, C3, 8D, 47, 01, 44, 0B, C2, 41, 0F, 94, C2...
 
[+]

Code size:
405 KB (414,720 bytes)

The file CSRSS.exe has been seen being distributed by the following URL.

http://lp4.bongacams24.com/csrss.exe

Scan CSRSS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.