csrssremovaltool.exe

Security Stronghold LLC

The application csrssremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including SQLServer Removal Tool by Security Stronghold and Zedocookie Removal Tool by Security Stronghold.
Publisher:
Security Stronghold LLC  (signed and verified)

Version:
1.0.0.0

MD5:
103b206b7f7b17ec948446e5b7d0d7e7

SHA-1:
1aa2a776732c4203ff0bfc6b20e4c6a3331a6bcd

SHA-256:
71d135cdf33b3ff3e594415e145abaee9ec42c445b10200f762b565e41114f44

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 9:39:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.6.20.11

File size:
5.5 MB (5,766,584 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\csrssremoval tool\csrssremovaltool.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/16/2012 4:41:30 AM

Valid to:
11/10/2013 5:49:56 AM

Subject:
E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan region, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A8E6D4E8876A9E02DB5215F60B91C5F5

File PE Metadata
Compilation timestamp:
12/11/2012 2:21:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:pXSWdqYVFPM0SndC0R0LHIR+cPkzc2ayj3HzNz9C+0pb+INqxMcWgO3UEOT8MzPV:pNPVmCQRxkc4HzVSb+INq+rgOkEsCJTW

Entry address:
0x3B7BE8

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 1C, 83, 7A, 00, E8, F8, 42, C5, FF, 8B, 35, 00, 67, 81, 00, 33, C0, 55, 68, FE, 7D, 7B, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, 4A, CF, C4, FF, 8B, 45, E4, 8D, 55, E8, E8, 97, BD, C6, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 96, BB, C6, FF, 8B, 55, EC, 8B, C6, E8, C8, 00, C5, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, 0C, 0C, C5, FF, 8B, 45, DC, 8D, 55, E0, E8, 3D, 9D, C6, FF, 8B, 45, E0, 50, 8D...
 

Entropy:
6.7146

Developed / compiled with:
Microsoft Visual C++

Code size:
3.7 MB (3,894,784 bytes)

The file csrssremovaltool.exe has been discovered within the following programs.

Ares Removal Tool  by Security Stronghold
During installation, the Security Stronghold Removal Tool utility will provide various bundled applications including RegClean Pro registry cleaner. It will then download utilities from its server and scan the user's PC.
www.SecurityStronghold.com
50% remove it
HPdriversrelatedsoftware Removal Tool  by Security Stronghold
As part of the installation, the Security Stronghold Removal utility will provide various bundled offers including a PC optimization utility. It will then download utilities from its server and scan the user's PC.
badware.securitystronghold.com/badware_hp-drivers-related-software.html
75% remove it
SQLServer Removal Tool  by Security Stronghold
55% remove it
Start .search .us .com Removal Tool  by Security Stronghold
73% remove it
USBFlashdisk Removal Tool  by Security Stronghold
Publisher's description - “Fast, easy, and handy, USB Flashdisk Removal Tool protects your computer against USB Flashdisk that does harm to your computer and breaks your privacy. USB Flashdisk Removal Tool scans your hard disks and registry and destroys any manifestation of USB Flashdisk.”
54% remove it
Zedocookie Removal Tool  by Security Stronghold
64% remove it
 
Powered by Should I Remove It?
