How to remove csrss.exe
csrss.exe
The module csrss.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | NSSM 64-bit |
| MD5: | 0a7d7ed55c4202f5106824f11ecb22fa |
| Size: | 292 KB |
| First Published: | 2017-09-18 09:07:32 (7 years ago) |
| Latest Published: | 2020-06-07 04:24:13 (4 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2020-06-07 04:24:13 (4 years ago) |
Common Places:
| %windir%\fonts |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
| %windir% |
File Names:
| svchost.exe |
| csrss.exe |
Geography:
| 59.3% | ||
| 8.1% | ||
| 5.8% | ||
| 5.2% | ||
| 4.7% | ||
| 3.5% | ||
| 2.9% | ||
| 2.9% | ||
| 2.3% | ||
| 1.7% | ||
| 1.2% | ||
| 1.2% | ||
| 1.2% |
OS Version:
| Windows 7 | 41.3% | |
| Windows Server 2012 | 37.8% | |
| Windows Server 2008 R2 | 12.2% | |
| Windows Server 2012 R2 | 8.1% | |
| Windows Vista | 0.6% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x000189a0 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 132096 | 6b9da9b3af829181411e1f4e9bc9e02f |
| .rdata | 28160 | cc275d47891f4edeefe92205296be5cf |
| .data | 7680 | 12c0638d9bbd762feed41fb94a045a03 |
| .pdata | 6656 | 7936e3d95bbe6c52b78154fcb6315229 |
| .rsrc | 123392 | 9d0566a42d885e9254767bfbb5a82368 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for csrss.exe
