csrss.exe
The executable csrss.exe has been detected as malware by 40 anti-virus scanners. While running, it connects to the Internet address www.turktelekom.com.tr on port 80 using the HTTP protocol.
File name: csrss.exe
MD5: a2aa4e162ed9aad18bc10bf280c03d52
SHA-1: 08c6a9d352ada45fa6509d630530519f2813bd22
SHA-256: 3f97bd398e585c2291758a50c741bf5ada64e32dc1c62e24794fb18c584cc500
Analysis
Scanner detections: 40 / 68
Status: Malware
Analysis date: 5/21/2024 8:32:37 AM UTC (today)
| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Generic.497594 | 684 |
| Agnitum Outpost | I-Worm.Brontok | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Brontok.524288 | 2015.03.14 |
| Avira AntiVirus | Worm/Brontok.D.5 | 7.11.217.28 |
| avast! | Win32:Brontok-CE [Wrm] | 2014.9-150322 |
| AVG | Worm/Generic_c | 2016.0.3162 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15322 |
| Bitdefender | Win32.Generic.497594 | 1.0.20.405 |
| Bkav FE | W32.RontokbroYO | 1.3.0.6379 |
| Clam AntiVirus | Worm.Brontok.S | 0.98/21511 |
| Comodo Security | Worm.Win32.Brontok.CE | 21406 |
| Dr.Web | BackDoor.Generic.3162 | 9.0.1.081 |
| Emsisoft Anti-Malware | Win32.Generic.497594 | 8.15.03.22.06 |
| ESET NOD32 | Win32/Brontok.CE | 9.11319 |
| Fortinet FortiGate | W32/Brontok.C@mm | 3/22/2015 |
| F-Prot | W32/Brontok.EP@mm | 4.6.5.141 |
| F-Secure | Win32.Generic.497594 | 11.2015-22-03_1 |
| G Data | Win32.Generic.497594 | 15.3.25 |
| IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.8.6.0 |
| K7 AntiVirus | EmailWorm | 13.200.15261 |
| Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.2306 |
| Malwarebytes | Trojan.Dropper | v2015.03.22.06 |
| McAfee | W32/Rontokbro.worm | 5600.6818 |
| Microsoft Security Essentials | Worm:Win32/Brontok.M@mm | 1.1.11400.0 |
| MicroWorld eScan | Win32.Generic.497594 | 16.0.0.243 |
| NANO AntiVirus | Trojan.Win32.Alman.btuxjj | 0.30.0.296 |
| Norman | Rontokbro | 11.20150322 |
| nProtect | Worm/W32.Brontok.45543.B | 15.03.13.01 |
| Panda Antivirus | W32/Brontok.N.worm | 15.03.22.06 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | W32.Brontok.Q | 3.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12EE11FE!317592062 | 23.00.65.15320 |
| Sophos | W32/Brontok-K | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-SV | 9981 |
| Total Defense | Win32/Robknot.BM | 37.0.11493 |
| Trend Micro House Call | WORM_RONTKBR.GEN | 7.2.81 |
| Trend Micro | WORM_RONTKBR.GEN | 10.465.22 |
| Vba32 AntiVirus | Trojan.VBRA.06574 | 3.12.26.3 |
| VIPRE Antivirus | Email-Worm.Win32.Brontok.a | 38410 |
| ViRobot | I-Worm.Win32.Brontok.45543[h] | 2014.3.20.0 |
File Details
File size: 44.5 KB (45,543 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\csrss.exe
File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:ref/+PHWTguw3tlp6PqHHyBw1+VTO6gGpF0XeTe4dXFexFFJN5pBwM02sYqv35B6:CHJDw3tlsY0wAQ2F0XeXeN35pBF02rcu
Entry address: 0x32FCE
Entry point: E9, 81, D1, FC, FF, 0C, 80, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, A5, 2F, 03, 00, 0C, 80, 02, 00...
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 Bytes (512 bytes)
Network Communications
The executing file has been seen to make the following network communication in live environments.
TCP (HTTP): Connects to www.turktelekom.com.tr (195.175.254.2:80)