cssswd.exe

SnoopStick

Solid Oak Software, Inc.

The executable cssswd.exe has been detected as malware by 14 anti-virus scanners. It runs as a separate Windows service (in its own process) named “Monitoring Service”.
Publisher:
Solid Oak Software, Inc.  (signed and verified)

Product:
SnoopStick

Description:
Monitor Service

Version:
1.8.3.19

MD5:
346064a80e400b3cea267c29c4340aaa

SHA-1:
3d479a962742a1306133ecef76e782e1bd9d9ddb

SHA-256:
133783dedb8156c92f36c5b9cec5b65a1fb96071152511e111f1c651ab25e1a4

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/19/2024 9:59:24 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Suspicious | 2013.11.18 |
| Avira AntiVirus | TR/Spy.489704 | 7.11.113.240 |
| Comodo Security | UnclassifiedMalware | 17288 |
| F-Prot | W32/Trojan4.LOE | v6.4.7.1.166 |
| IKARUS anti.virus | Trojan-Spy | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.173.10217 |
| McAfee | Generic.dx!346064A80E40 | 5600.7081 |
| Norman | Suspicious_Gen2.KLMK | 11.20140702 |
| Panda Antivirus | Suspicious file | 14.07.02.11 |
| Rising Antivirus | Trojan.Win32.Generic.12471EF1 | 23.00.65.14630 |
| Sophos | Generic PUA DN | 4.94 |
| Trend Micro House Call | TROJ_GEN.RCBCECO | 7.2.183 |
| Trend Micro | TROJ_GEN.RCBCECO | 10.465.02 |

File size:
478.2 KB (489,704 bytes)

Product version:
1.0.0.0

Copyright:
Solid Oak Software, Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\cssswd.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
6/25/2008 8:00:00 AM

Valid to:
6/26/2010 7:59:59 AM

Subject:
CN="Solid Oak Software, Inc.", O="Solid Oak Software, Inc.", POBox=PO Box 6826, STREET=1209 De La Vina Street, L=Santa Barbara, S=CA, PostalCode=93101, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00CC642DF014178AF1EB829B91F838F928

File PE Metadata
Compilation timestamp:
3/20/2008 4:10:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:/CZmKhgLhoMGhODwKjs/jzl66Gm/v2xBIgI//zRcXnpMf:nWuoMGhODwKkjhdd/v1nzKOf

Entry address:
0x1000

Entry point:
B8, 6C, 1D, 53, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27...
 

Entropy:
7.8974

Packer / compiler:
PECompact v2

Code size:
861.5 KB (882,176 bytes)

Service
Display name:
Monitoring Service

Service name:
ChatRecMonSvc

Type:
Win32OwnProcess

