home

DNSService.exe

DnsService

CSIS Security Group A/S

It runs as a separate (within the context of its own process) windows Service named “Heimdal Secure DNS Service”.
Publisher:
Microsoft  (signed by CSIS Security Group A/S)

Product:
DnsService

Version:
1.2.2.236

MD5:
ddf52408a040924465fff43d2b9b1e52

SHA-1:
136a5966b49cbdaeb36a88023ccc61fcce459fd5

SHA-256:
5219443d0124f6082a1f17c78c26c586f574c590d1d5ea588f22893bdc70d993

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 1:10:17 PM UTC  (today)

File size:
89.1 KB (91,280 bytes)

Product version:
1.2.2.236

Copyright:
Copyright © Microsoft 2011

Original file name:
DNSService.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\heimdal\heimdalsecuredns\dnsservice.exe

Digital Signature
Signed by:
CSIS Security Group A/S

Authority:
Thawte, Inc.

Valid from:
4/20/2011 2:00:00 AM

Valid to:
4/20/2013 1:59:59 AM

Subject:
CN=CSIS Security Group A/S, OU=CSIS Operations, O=CSIS Security Group A/S, L=Copenhagen, S=Denmark, C=DK

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D62D441966EE037399103B7CD093B93

File PE Metadata
Compilation timestamp:
9/7/2012 4:06:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:1+zAG/lxQDttIV7BOh99q4rhc4GJC+PE2+8AEKbq31YuTP1O:A7xQDcVVW9/R+F+/EK2lYuT1O

Entry address:
0x160AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
80.5 KB (82,432 bytes)

Service
Display name:
Heimdal Secure DNS Service

Service name:
HeimdalSecureDNS

Type:
Win32OwnProcess

Depends on:
tcpip


Scan DNSService.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.