plasrv.exe

  • File Path: C:\Windows\system32\plasrv.exe
  • Description: Performance Logs and Alerts DCOM Server

Hashes

Type Hash
MD5 AA45F47592F227078BE1907DFAC7034F
SHA1 9AE56ACF2A23A4CA3FECC0727B72584495E862FE
SHA256 30370F7EC771E86DC4908A7E52D43946D9FE3DA956069A8000CADE71BF8A7865
SHA384 CE8DED39EE29B09BCD38C4D907317E91968913243AE173E445D555BFDC50DFDE37863609D6C5401905BD9C27D80F4811
SHA512 CE2162180BCE565B931407CD2A31824A3187BE484265EFAE9707EA8BBFED5BB22A6C1BE7EBCA33EFC1F17CFB471C363B393D339C1B00A00DC5298E7FFF3FC4EC
SSDEEP 192:TgvfedAPgkqDzEM4r1RWXIZCRvhIuPdS1reDR5eWdXW:TgvfKkqXynW4SvGuPJwWdXW

Runtime Data

Child Processes:

chrome.exe

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: plasrv.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of plasrv.exe being misused. While plasrv.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .plasrv.dll``{:.highlight .language-cmhg} © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.