csrss.exe

Firefox

The executable csrss.exe has been detected as malware by 30 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Client Server Runtime Process’.
Publisher:
Mozilla Corporation*  (Invalid match)

Product:
Firefox

Version:
31.0

MD5:
c93366338b2efa5eac15623928161cee

SHA-1:
f6611aec703bb88ac43b7377ded39a91e2a3a842

SHA-256:
cd20de3a28010054758a898e6d30861d0b83eaebd634cc370663cd973b65ccaa

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/18/2024 8:38:37 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1888296 | 856 |
| AhnLab V3 Security | Trojan/Win32.Tepfer | 2014.10.02 |
| Avira AntiVirus | TR/Crypt.Xpack.96264 | 7.11.175.230 |
| avast! | Win32:Malware-gen | 2014.9-141002 |
| AVG | SHeur4 | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Reconyc | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1888296 | 1.0.20.1375 |
| Dr.Web | Trojan.DownLoad3.25251 | 9.0.1.0209 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1888296 | 8.14.10.02.06 |
| ESET NOD32 | Win32/Injector.BMPD (variant) | 8.10493 |
| Fortinet FortiGate | W32/BMPD!tr | 10/2/2014 |
| F-Prot | W32/Backdoor2.HVLC | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1888296 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1888296 | 14.10.24 |
| IKARUS anti.virus | Trojan.Win32.Inject | t3scan.1.7.8.0 |
| K7 AntiVirus | Riskware | 13.183.13550 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.3164 |
| Malwarebytes | Trojan.FakeMoz | v2014.10.02.06 |
| McAfee | RDN/Generic Downloader.x!la | 5600.6990 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Recslurp.A | 1.11005 |
| MicroWorld eScan | Trojan.GenericKD.1888296 | 15.0.0.825 |
| Norman | Troj_Generic.WBHZG | 11.20141002 |
| nProtect | Trojan.GenericKD.1888296 | 14.10.01.01 |
| Panda Antivirus | Trj/Chgt.I | 14.10.02.06 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.27.22 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.BZGfPJC | 37.0.11208 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41936 |
| ViRobot | Trojan.Win32.Agent.143494 | 2011.4.7.4223 |

File size:
140.1 KB (143,494 bytes)

Product version:
31.0

Copyright:
©Firefox and Mozilla Developers; available under the MPL 2 license.

Trademarks:
Firefox is a Trademark of The Mozilla Foundation.

Original file name:
firefox.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\csrss.exe

File PE Metadata
Compilation timestamp:
8/7/2014 7:41:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
18.0

CTPH (ssdeep):
3072:chvwpdIVMwQmB/gm2byObYk5eytIwcij7g9Aec:cyd1wzkRbFgAIwlj7g91c

Entry address:
0x3437

Entry point:
55, 8B, EC, 6A, FF, 68, 4D, 11, 40, 00, 68, 84, 34, 40, 00, 64, A1, 00, 00, 00, 00, 40, 64, 89, 25, 00, 00, 00, 00, 8B, 40, 04, B9, 03, 00, 00, 00, 33, D2, 09, CA, 0F, AF, C1, 83, C0, 05, 6B, C0, 02, 6B, C0, 03, 8B, C1, 41, 03, C1, 49, 49, 0F, AF, C1, 8B, C8, E8, 83, 0D, 00, 00, 75, 05, 39, 55, BC, 74, 54, FF, 25, 14, 78, 40, 00, FF, 25, 18, 78, 40, 00, FF, 25, 48, 78, 40, 00, 45, D4, DB, 45, E4, 8B, C8, 0F, AF, C8, 89, 4D, E4, 51, DB, 45, E4, DB, 45, EC, 51, DD, 5D, C0, D8, C1, DD, 1C, 24, DD, D8, E8, 4C...
 

Entropy:
7.2031

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Client Server Runtime Process

Command:
C:\users\{user}\appdata\roaming\csrss.exe

