csrss.exe

The executable csrss.exe has been detected as malware by 40 of 68 anti-virus scanners. It is set to run automatically when any user logs into Windows, through an all-users Run registry entry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) named ‘Windows Update’.

MD5:
506cf4d78b44bc51b0ebd474b69dd611

SHA-1:
39fa2d8c5c67510f76552ab28a531a6ea9bfa512

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/25/2024 4:13:42 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Worm.Generic.230976 | 647 |
| Agnitum Outpost | Trojan.Brambul | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Npkon | 2015.02.21 |
| Avira AntiVirus | TR/Agent.mtv | 3.6.1.96 |
| avast! | Win32:Agent-AOKX [Trj] | 2014.9-150428 |
| AVG | PSW.Agent | 2016.0.3125 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15428 |
| Bitdefender | Worm.Generic.230976 | 1.0.20.590 |
| Bkav FE | W32.TBrambulA.Trojan | 1.3.0.6379 |
| Clam AntiVirus | Trojan.Spy-78857 | 0.98/21511 |
| Comodo Security | Worm.Win32.Pepex.E0 | 21922 |
| Dr.Web | Win32.HLLW.Bumble | 9.0.1.0118 |
| Emsisoft Anti-Malware | Worm.Generic.230976 | 8.15.04.28.03 |
| ESET NOD32 | Win32/Pepex | 9.11210 |
| Fortinet FortiGate | W32/Bagz.E!worm | 4/28/2015 |
| F-Prot | W32/Agent.IX.gen | v6.4.7.1.166 |
| F-Secure | Worm.Generic.230976 | 11.2015-28-04_3 |
| G Data | Worm.Generic.230976 | 15.4.25 |
| IKARUS anti.virus | Trojan-Spy.Win32.Agent | t3scan.1.8.6.0 |
| K7 AntiVirus | Backdoor | 13.203.15726 |
| Kaspersky | Trojan-Spy.Win32.Agent | 14.0.0.2122 |
| McAfee | Downloader-CUZ | 5600.6781 |
| Microsoft Security Essentials | Trojan:Win32/Brambul.A | 1.1.11602.0 |
| MicroWorld eScan | Worm.Generic.230976 | 16.0.0.354 |
| NANO AntiVirus | Trojan.Win32.Agent.bmgds | 0.30.20.1219 |
| Norman | EMailWorm | 11.20150428 |
| nProtect | Trojan-Spy/W32.Agent.86016.AK | 15.04.27.01 |
| Panda Antivirus | Generic Malware | 15.04.28.03 |
| Qihoo 360 Security | Win32/Trojan.Spy.f64 | 1.0.0.1015 |
| Quick Heal | W32.Virut.D | 4.15.14.00 |
| Rising Antivirus | PE:Backdoor.Win32.Mnless.diy!1075283159 | 23.00.65.15426 |
| Sophos | Mal/Spy-Y | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Spy | 9908 |
| Total Defense | Win32/Tnega.WW | 37.1.62.1 |
| Trend Micro House Call | TROJ_BRAMBUL.A | 7.2.118 |
| Trend Micro | TROJ_BRAMBUL.A | 10.465.28 |
| Vba32 AntiVirus | TrojanSpy.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39738 |
| ViRobot | Trojan.Win32.Agent.57344.TI[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Agent.Win32.80264 | 2.0.0.2156 |

File size:
84 KB (86,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\csrss.exe

File PE Metadata
Compilation timestamp:
10/14/2009 2:45:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:mW8+9FisiTZdz4HLCLTRnVuwGiJTPpfl6dW6WsyqAgg8RCW+jl2WDMrL4:msisiTuLCLTRVuwZp5l/lsyqFg8B+RP

Entry address:
0x369E

Entry point:
55, 8B, EC, 6A, FF, 68, A0, 71, 40, 00, 68, D8, 42, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 5C, 70, 40, 00, 33, D2, 8A, D4, 89, 15, 78, 97, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 74, 97, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 70, 97, 40, 00, C1, E8, 10, A3, 6C, 97, 40, 00, 6A, 01, E8, A5, 0A, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, C5, 09, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
24 KB (24,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Update

Command:
C:\windows\csrss.exe

