home

csrss.exe

The executable csrss.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from a1285858501.f3322.org.
MD5:
d32d8b58db2f72d375eaa6c9f313d22d

SHA-1:
cdbe7cd099288f2f58735180123c1d2e9ae311e1

SHA-256:
3b0d9dad6d8e6d7ed5d73f0783f62c4823069affbaea10fc186aed3b8a80a199

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
7/15/2025 4:49:08 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Farfli-CP [Trj]
160113-1

Dr.Web
Trojan.Siggen6.30052
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Kazy.544493
10.0.0.5366

ESET NOD32
Win32/Farfli.BDZ trojan
7.0.302.0

Kaspersky
Trojan.Win32.Vehidis
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.213.3222.0

Norman
Gen:Variant.Kazy.544493
11.01.2016 17:30:26

VIPRE Antivirus
Threat.4150696
46456

File size:
135.1 KB (138,362 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\csrss.exe

File PE Metadata
Compilation timestamp:
1/28/2015 9:10:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:E7Q2jngfYkyulO9w1DGubK6DYlAOiH9iV+0y20dU1trwqF5gOHRXe7ggCCyODv8:awZL2kUX/7dReggDyODv8

Entry address:
0x17EEF

Entry point:
E8, AC, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, AC, E2, 41, 00, 8B, 00, 81, 38, 63, 73, 6D, E0, 74, 03, 33, C0, C3, E9, 24, 06, 00, 00, 6A, 14, 68, 18, 16, 42, 00, E8, AE, 04, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, D8, 05, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, A4, 04, 00, 00, C2, 10...
 
[+]

Entropy:
6.3466

Code size:
104 KB (106,496 bytes)

The file csrss.exe has been seen being distributed by the following URL.

http://a1285858501.f3322.org/6666.exe

Remove csrss.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.