aspnet_state.exe

Microsoft .NET Framework

The Microsoft ASP.NET State Server is distributed with, and is part of, version 4.0 of the .NET Framework. While the file properties state the file is developed by 'Microsoft Corporation', this is not the case, and it is designed just to look like a legitimate Microsoft system file. The executable aspnet_state.exe, “Microsoft ASP.NET State Server”, has been detected as malware by 10 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “ASP.NET State Service”.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® .NET Framework

Description:
Microsoft ASP.NET State Server

Version:
4.5.27.0 built by: FX453PREVIEWREL

MD5:
b74ecf6e96dae08bfe9422be81578e45

SHA-1:
7bab8478e16354b5d5a594873e90c477d6981c65

SHA-256:
c70017fe3430cba45f037f3102ef0c3d967567030149d02630267c2ce351943d

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/26/2024 4:11:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Expiro-DF | 160214-1 |
| AVG | Win32/Expiro | 2015.0.4522 |
| Dr.Web | Win64.Expiro.108 | 9.0.1.05190 |
| ESET NOD32 | Win64/Expiro.AC virus | 7.0.302.0 |
| F-Secure | Win64.Expiro.Gen.3 | 5.15.21 |
| McAfee | Virus.W64/Expiro.a | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6208.0 |
| Norman | Win64.Expiro.Gen.3 | 13.02.2016 01:47:07 |
| Sophos | Virus 'W64/Expiro-S' | 5.23 |
| VIPRE Antivirus | Threat.4792728 | 46838 |

File size:
617 KB (631,808 bytes)

Product version:
4.5.27.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
aspnet_state.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

File PE Metadata
Compilation timestamp:
11/7/2014 6:18:08 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:r/ReRmadsGUzNzIjjb2gRZkU1vLOwC+FQWEwm/owLmGp5VffOY9JgPjGtL6iuk7j:rpeRmesGUzNzIjP2gRZkU1vLOwC+FrE4

Entry address:
0x4F80

Entry point:
90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, D0, 00, 00, 00, 48, C7, 85, 70, FF, FF, FF, 00, 00, 00, 00, 48, C7, 45, A8, 0E, 00, 00, 00, 4C, 8B, 55, A8, 49, 83, EA, 0E, 4C, 89, 55, A0, 48, C7, 45, 98, 09, 00, 00, 00, 45, 31, F6, 4C, 8B, 55, A0, 4D, 89, D5, 49, 83, ED, 00, 49, BA, 99, 1F, 00, 00, 00, 00, 00, 00, 4C, 89, 95, 40, FF, FF, FF, BE, 6F, A2, 9D, 12, 4C, 8B, 95, 40, FF, FF, FF, 49, B9, 8B, 06, 02, 00, 00, 00, 00, 00, 4D, 89, D6, 4D, 0F, AF, F1, 41, BD, 55, 5D...
Entropy:
7.2221

Code size:
20 KB (20,480 bytes)

Service
Display name:
ASP.NET State Service

Service name:
aspnet_state

Description:
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly dep

Type:
Win32OwnProcess

