plasrv.exe

  • File Path: C:\WINDOWS\system32\plasrv.exe
  • Description: Performance Logs and Alerts DCOM Server

Hashes

Type Hash
MD5 674D2B06AD7CDC7EC370EB189D308D59
SHA1 AE0AB8B96EA4CE14EFA3E1DF10644974EBAB5ED7
SHA256 2D0DBEACC174F37BA63C8443E53387E30F9777A0E789006D06C984644DD14063
SHA384 1DCB0EBD3355C680456119732544D0C36D8C7BDFD338AD203D59555665DB9FD79387FEEE19FCF699ED42B41868CF9445
SHA512 8ACE6740D673BCF49B1111B6DB2100BE5955DE65B53E929399EC15334A11D054F7FCEA90BBE5D47477AA4AEDAE8E48A02032289ED1C677B26203C8E91A21F221
SSDEEP 192:Ngw0YLT9ki6jQTLCqt4TaQp3xZSahIr5WWtXW:+wtn9n6j+LCaipZYYWtXW
IMP 71297308FDB1BE310422F78B8E23F73C
PESHA1 8472C681F5AF9C80F66CC2E294C85CE0A89A90DC
PE256 D58C511741B164F0953B60382EDF730EEC24BD07164CC3F6D507DC3C5939C583

Runtime Data

Open Handles:

Path Type
(RW-) C:\Windows\System32 File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\plasrv.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: plasrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/2d0dbeacc174f37ba63c8443e53387e30f9777a0e789006d06c984644dd14063/detection

Possible Misuse

The following table contains possible examples of plasrv.exe being misused. While plasrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .plasrv.dll © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.