How to remove csrss.exe
csrss.exe
The module csrss.exe has been detected as Risk.CoinMiner

File Details
Product Name: | Microsoft® .NET Framework |
Company Name: | Microsoft Corporation |
MD5: | cf7341a71cb0117e651fd1b4dc414657 |
Size: | 684 KB |
First Published: | 2017-08-05 17:08:48 (7 years ago) |
Latest Published: | 2024-11-29 23:01:11 (7 months ago) |
Status: | Risk.CoinMiner (on last analysis) | |
Analysis Date: | 2024-11-29 23:01:11 (7 months ago) |
Common Places:
%windir%\java\wk |
%windir%\microsoft.net\framework64\v3.0.50727 |
%windir%\debug\b3 |
%windir%\debug\feng |
%windir%\fonts |
%windir%\apppatch |
%windir% |
%system% |
%profile% |
%windir%\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\ogken2gt |
File Names:
mscorsvw.exe |
csrss.exe |
csres.exe |
Geography:
25.5% | ||
21.3% | ||
14.9% | ||
10.6% | ||
8.5% | ||
8.5% | ||
4.3% | ||
2.1% | ||
2.1% | ||
2.1% |
OS Version:
Windows Server 2008 R2 | 32.6% | |
Windows 7 | 19.6% | |
Windows Server 2003 | 19.6% | |
Windows Server 2012 R2 | 15.2% | |
Windows Server 2012 | 4.3% | |
Windows 10 | 4.3% | |
Windows Embedded Standard | 2.2% | |
Windows Server 2016 | 2.2% |
Analysis
Subsystem: | Windows CUI |
PE Type: | pe |
OS Bitness: | 32 |
Image Base: | 0x00400000 |
Entry Address: | 0x000c4bb9 |
PE Sections:
Name | Size of data | MD5 |
.text | 0 | 00000000000000000000000000000000 |
.rdata | 0 | 00000000000000000000000000000000 |
.data | 0 | 00000000000000000000000000000000 |
.vmp0 | 0 | 00000000000000000000000000000000 |
.vmp1 | 692224 | c74ac5e32b7a59e5d525c8a7389c532e |
.rsrc | 4096 | 4b8e1e460435858e289e7ae72e5f147d |
More information:
Download GridinSoft
Anti-Malware - Removal tool for csrss.exe
