mDNSResponder.exe

Bonjour

Apple Inc.

The executable mDNSResponder.exe has been detected as malware by 3 anti-virus scanners. It runs as a Windows service named “Bonjour Service”, in its own separate process.
Publisher:
Apple Inc.

Product:
Bonjour

Description:
Bonjour Service

Version:
3,0,0,10

MD5:
17539db9408328bc148f07424cc31ea0

SHA-1:
7b34475d922edfec131332a8a9e984640b0c0a06

SHA-256:
d2179434a8a1ba1efef30aaf6f59c8e5156b4d68c258d4e0a0c653ae664ba3ab

Scanner detections:
3 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/29/2024 5:48:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.16.24 |

File size:
461.8 KB (472,885 bytes)

Product version:
3,0,0,10

Copyright:
Copyright (C) 2003-2011 Apple Inc.

Original file name:
mDNSResponder.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bonjour\mdnsresponder.exe

File PE Metadata
Compilation timestamp:
8/31/2011 6:40:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

Entry address:
0x3C1C8

Entry point:
E9, 4A, D3, FD, FF, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E0, 9D, 47, 00, 89, 0D, DC, 9D, 47, 00, 89, 15, D8, 9D, 47, 00, 89, 1D, D4, 9D, 47, 00, 89, 35, D0, 9D, 47, 00, 89, 3D, CC, 9D, 47, 00, 66, 8C, 15, F8, 9D, 47, 00, 66, 8C, 0D, EC, 9D, 47, 00, 66, 8C, 1D, C8, 9D, 47, 00, 66, 8C, 05, C4, 9D, 47, 00, 66, 8C, 25, C0, 9D, 47, 00, 66, 8C, 2D, BC, 9D, 47, 00, 9C, 8F, 05, F0, 9D, 47, 00, 8B, 45, 00, A3, E4, 9D, 47, 00, 8B, 45, 04, A3, E8, 9D, 47, 00, 8D, 45, 08, A3, F4, 9D, 47...
 

Entropy:
7.0529

Packer / compiler:
Xtreme-Protector v1.05

Code size:
273 KB (279,552 bytes)

Service
Display name:
Bonjour Service

Description:
Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.

Type:
Win32OwnProcess

Depends on:
Tcpip

