home

CSRSS.exe

Процесс исполнения клиент-сервер

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from lp7.bongacams24.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Процесс исполнения клиент-сервер

Version:
6.3.9600.16384

MD5:
498c526c12ffd2d1a4fb7c3e5017ff60

SHA-1:
5d14b2a6cb5e8797d0c5638d8fbe0f299d18f090

SHA-256:
a0987d0f75f0f0fd16048d2c51590b6b2400a5cdeb2c28bdfb364c348d6ac936

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/29/2024 3:58:14 AM UTC  (today)

File size:
15.7 MB (16,418,721 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CSRSS.Exe

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\csrss.exe

File PE Metadata
Compilation timestamp:
8/4/2014 2:35:38 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
393216:3oPgtbTTTpT1TITHThTtTwTaTtTVTFTZTlTNTbTwTuTzT1T0TtTlT1ToTlTzTVTk:3Tt5

Entry address:
0x14F0

Entry point:
48, 83, EC, 28, C7, 05, 72, F5, 3E, 00, 00, 00, 00, 00, E8, 3D, 85, 24, 00, E8, 78, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 57, 56, 53, 48, 81, EC, C0, 01, 00, 00, 0F, 29, B4, 24, B0, 01, 00, 00, 66, 0F, 57, F6, 89, CB, 48, 8D, 0D, A9, DC, 3E, 00, 48, 89, D6, E8, 59, F7, 1F, 00, 44, 8B, 0D, F2, DF, 3E, 00, 45, 85, C9, 7E, 1C, 4C, 8B, 15, 66, DC, 3E, 00, 66, 0F, 57, F6, 31, C0, F2, 41, 0F, 58, 34, C2, 48, 83, C0, 01, 41, 39, C1, 7F, F1, 85, DB, 0F, 84, F9, 00, 00, 00, 83, 05, 62, DC, 3E, 00, 01, 48, 8D...
 
[+]

Code size:
2.3 MB (2,444,288 bytes)

The file CSRSS.exe has been seen being distributed by the following URL.

http://lp7.bongacams24.com/csrss.exe

Scan CSRSS.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.