» {1d20339d-30d6-ce4a-f63a-dcac12e1ecdd}-csrss.exe
Overview
Analysis
File Details

{1d20339d-30d6-ce4a-f63a-dcac12e1ecdd}-csrss.exe

The executable {1d20339d-30d6-ce4a-f63a-dcac12e1ecdd}-csrss.exe has been detected as malware by 14 anti-virus scanners.

File name:

MD5:

b6a588e9ddff3e2c71eb0697d78149a2

SHA-1:

7f404258b4cd962a21f0b01ea4ee373268745f0c

SHA-256:

c67888b8b14225804ad653d0862a4fbe54df4fa38d8cbf7632a96af0cc21b498

Scanner detections:

14 / 68

Status:

Malware

Analysis date:

4/26/2024 5:03:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Jaik.3546

870

Avira AntiVirus

TR/Soperu.A

7.11.173.16

AVG

Trojan horse SHeur4.CBZX

2014.0.4015

Bitdefender

Gen:Variant.Jaik.3546

1.0.20.1300

Dr.Web

Trojan.DownLoader11.32950

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Jaik.3546

8.14.09.17.10

F-Secure

Gen:Variant.Jaik.3546

11.2014-17-09_4

G Data

Gen:Variant.Jaik.3546

14.9.24

IKARUS anti.virus

Trojan.Win32.Crypt

t3scan.1.7.8.0

Kaspersky

Trojan.Win32.Reconyc

15.0.0.494

McAfee

Trojan-FEUO!57C28769763F

5600.7004

MicroWorld eScan

Gen:Variant.Jaik.3546

15.0.0.780

NANO AntiVirus

Trojan.Win32.Reconyc.dfeynw

0.28.2.62151

Quick Heal

Trojan.Reconyc.r4

9.14.14.00

File size:

104.9 KB (107,439 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\ProgramData\microsoft\windows\wer\reportqueue\noncritical_windows defender_783da64061ae58e2d996ad2fb24cfd6b7a54bd1b_00000000_cab_289a2b94\{1d20339d-30d6-ce4a-f63a-dcac12e1ecdd}-csrss.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

1536:Jhg4A+kumle6X7BXsl4ngAbuOPyjTfI+zS90Neg12x+q682y:J+rSmle6X7B8l4ngAbYj1+yNexx+qH

Entry point:

B2, A5, 6F, FF, FC, FF, FF, FF, FB, FF, FF, FF, 00, 00, FF, FF, 47, FF, FF, FF, FF, FF, FF, FF, BF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, 0F, FF, FF, FF, F1, E0, 45, F1, FF, 4B, F6, 32, DE, 47, FE, B3, 32, DE, AB, 97, 96, 8C, DF, 8F, 8D, 90, 98, 8D, 9E, 92, DF, 9C, 9E, 91, 91, 90, 8B, DF, 9D, 9A, DF, 8D, 8A, 91, DF, 96, 91, DF, BB, B0, AC, DF, 92, 90, 9B, 9A, D1, F2, F2, F5, DB, FF, FF, FF, FF, FF, FF, FF... 
[+]

Entropy:

6.3490

Remove {1d20339d-30d6-ce4a-f63a-dcac12e1ecdd}-csrss.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.