» 20111492
Overview
Analysis
File Details
Behaviors (1)

20111492

COM Surrogate

Microsoft

It runs as a windows Service named “Microsoft .Net Framework COM+ Support”.

File name:

20111492

Publisher:

Microsoft Corporation (signed by Microsoft)

Product:

Microsoft® Windows® Operating System

Description:

COM Surrogate

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

d6f4707ce0b2c78e2280d3230b150b66

SHA-1:

c861114c7bf82e580a652b3d550dc769e335a5e6

SHA-256:

fbd7e75b5ed12fc9181acf72f156f833a49c27d1e45d0a7a6bbb1ba63e66023d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/26/2024 8:21:55 PM UTC (today)

File size:

1.6 MB (1,664,960 bytes)

Product version:

6.1.7600.16385

Original file name:

dllhost.exe

Common path:

C:\windows\temp\20111492

Digital Signature

Signed by:

Microsoft

Authority:

Microsoft

Valid from:

1/24/2017 12:58:50 AM

Valid to:

1/1/2040 8:59:59 AM

Subject:

CN=Microsoft

Issuer:

CN=Microsoft

Serial number:

3E42C243EC938B834B1EF29155D979BF

File PE Metadata

Compilation timestamp:

12/2/2016 2:05:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x40E000

Entry point:

EB, 08, 0F, 42, 19, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 1D, 1B, 00, 00, 01, 00, 30, 82, 1B, 19, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, 0A, 30, 82, 1B, 06, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 20, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 11, 04, 82, 0F, 0D, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 07, 00, 00, 00, 26, 00, 00, 00, 01, 00, D1, A6, DE, 08, 61, 2F, 01, 6F, A1, 7E, 74, E6, 4D, CE, 8E, 53, EA... 
[+]

Entropy:

7.9407 (probably packed)

Service

Display name:

Microsoft .Net Framework COM+ Support

Service name:

.Net CLR

Description:

Microsoft .NET COM+ Integration with SOAP

Type:

Win32OwnProcess, InteractiveProcess

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.