plasrv.exe

  • File Path: C:\Windows\system32\plasrv.exe
  • Description: Performance Logs and Alerts DCOM Server

Hashes

Type Hash
MD5 9C338B7DD0916E2E282E15B385ED0716
SHA1 92B157CD2EF81C4649C491C4FC76C2422DCE45C6
SHA256 2D1C235DDC76D427C48C39C22E6DC50141F09734270EAF01778713F987E99CC4
SHA384 292A1C7F2736C5F2CD22FFF6B04ED1DD9EC06D1198C0CF2C778E410C1414288A654CC12488A2B76FB5C2DB39751167B8
SHA512 B34F659A85F9621FE75D087B8A9D502ECD600AD182863B134A071DC7877900CFBAD6A2C17FEC7DAF0B25891E9F66EDB8596B74860F2D745DC1046A72ACC71399
SSDEEP 192:F4tGfanJwH7XLc8B+Ps9nCuYgLrgdRFn5OW+XW:F4tLJwbXYq+U1YgPgNgW+XW
IMP 71297308FDB1BE310422F78B8E23F73C
PESHA1 98074B41AAD64CC5B31633D886377CD5E8717B7D
PE256 AF4E7D29CD9FF88DAE11F1D17E29ACCDD872D502E36809419199A5F03893D736

Runtime Data

Open Handles:

Path Type
(RW-) C:\Users\user File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\pla.dll
C:\Windows\system32\plasrv.exe
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\USER32.dll

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: plasrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/2d1c235ddc76d427c48c39c22e6dc50141f09734270eaf01778713f987e99cc4/detection

Possible Misuse

The following table contains possible examples of plasrv.exe being misused. While plasrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .plasrv.dll | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.