» cssurf.exe
Overview
Analysis
File Details
Behaviors (1)

cssurf.exe

Comodo CA Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘COMODO SafeSurf’.

File name:

cssurf.exe

Publisher:

COMODO (signed by Comodo CA Limited)

Description:

COMODO SafeSurf

Version:

1, 0, 0, 5

MD5:

fab8b23c5203039563ff5f11c2f61eed

SHA-1:

779061072eb15d41886628155f4eabbcff8e77c2

SHA-256:

426ddeb8e0ea884a1a42a2c2edc00fd6b0183adb6b5450d4e7c8404ef7eb774c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 2:06:21 AM UTC (today)

File size:

264.7 KB (271,096 bytes)

Product version:

1, 0, 0, 5

Original file name:

cssurf.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\comodo\safesurf\cssurf.exe

Digital Signature

Signed by:

Comodo CA Limited

Authority:

The USERTRUST Network

Valid from:

5/13/2007 5:00:00 PM

Valid to:

5/13/2010 4:59:59 PM

Subject:

CN=Comodo CA Limited, O=Comodo CA Limited, STREET="3rd Floor, 26 Office Village", STREET=Exchange Quay, STREET=Trafford Road, L=Salford, S=Greater Manchester, PostalCode=M5 3EQ, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00863A68583ED1EF52040D77BDDDCED365

File PE Metadata

Compilation timestamp:

5/29/2008 9:15:29 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:flJMHknA471Gk58GtdPJMHknA471G558r:NJMEf1GkqGtdPJMEf1G5qr

Entry address:

0x2890

Entry point:

40, 57, 48, 81, EC, 70, 07, 00, 00, 33, D2, 48, 8D, 4C, 24, 70, 44, 8D, 42, 50, E8, 73, 07, 00, 00, FF, 15, 31, 18, 00, 00, 48, 8D, 94, 24, 80, 07, 00, 00, 48, 8B, C8, FF, 15, 40, 18, 00, 00, 83, BC, 24, 80, 07, 00, 00, 01, 48, 8B, F8, 0F, 8E, 33, 03, 00, 00, 48, 8D, 94, 24, 30, 01, 00, 00, 41, B8, 04, 01, 00, 00, 33, C9, FF, 15, B9, 17, 00, 00, 85, C0, 0F, 84, 15, 03, 00, 00, 48, 8B, 4F, 08, 48, 8D, 15, 7A, 1F, 00, 00, E8, 01, E7, FF, FF, 85, C0, 0F, 85, 12, 02, 00, 00, 33, C0, 48, 8D, 15, 6C, 1D, 00, 00... 
[+]

Entropy:

6.9793

Code size:

8.5 KB (8,704 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

COMODO SafeSurf

Command:

"C:\Program Files\comodo\safesurf\cssurf.exe" -s

Scan cssurf.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.