CSRSS.exe

Процесс исполнения клиент-сервер

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from lp6.bongacams24.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Процесс исполнения клиент-сервер

Version:
6.3.9600.16384

MD5:
b4ecb6c1823237548449358d1298c113

SHA-1:
e36b79547d067249319690f34a9c786e6ff96168

SHA-256:
92c985ede028fc3206857357064fa4e0a1533e24d1fc118299c9a39dbcf4fc13

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 9:23:11 PM UTC  (today)

File size:
635 KB (650,240 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CSRSS.Exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\csrss.exe

File PE Metadata
Compilation timestamp:
8/9/2015 4:00:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
12288:dPSFBSkdRYnKrpGEgMAH+gttgS/JfY8DDX8FRHEGOo:d6OkdRYnwgMAH+g3gSi8q6o

Entry address:
0x54BC4

Entry point:
48, 83, EC, 28, E8, 43, 05, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 74, A9, 00, 00, FF, 25, A6, A9, 00, 00, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 10, 33, C9, 33, C0, 33, FF, 0F, A2, C7, 05, 5E, FB, 03, 00, 02, 00, 00, 00, C7, 05, 50, FB, 03, 00, 01, 00, 00, 00, 44, 8B, DB, 8B, D9, 44, 8B, C2, 81, F3, 6E, 74, 65, 6C, 44, 8B, CA, 41, 8B, D3, 41, 81, F0, 69, 6E, 65, 49, 81, F2, 47, 65, 6E, 75, 8B, E8, 44, 0B, C3, 8D, 47, 01, 44, 0B, C2, 41, 0F, 94, C2...
 
[+]

Code size:
376 KB (385,024 bytes)

The file CSRSS.exe has been seen being distributed by the following URL.

Scan CSRSS.exe - Powered by Reason Core Security