dllhost.exe
COM Surrogate by Microsoft Corporation (Signed)
| Version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| MD5: | a63dc5c2ea944e6657203e0c8edeaf61 |
| SHA1: | ace762c51db1908c858c898d7e0f9b36f788d2d9 |
| SHA256: | f7ad4b09afb301ce46df695b22114331a57d52e6d4163ff74787bf68ccf44c78 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is dllhost.exe?
The COM Surrogate is a fancy name for Sacrificial process for a COM object that is run outside of the process that requested it. Explorer uses the COM Surrogate when extracting thumbnails, for example. If you go to a folder with thumbnails enabled, Explorer will fire off a COM Surrogate and use it to compute the thumbnails for the documents in the folder. It does this because Explorer has learned not to trust thumbnail extractors; they have a poor track record for stability.
Overview
dllhost.exe runs as a service under the name Aplikacja systemowa modelu COM+ (COMSysApp) within the local user context within the context of the Service Host (SvcHost). The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 32 bit program.
Details
| File name: | dllhost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | COM Surrogate |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\dllhost.exe |
| File version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| Product version: | 6.1.7600.16385 |
| Size: | 7 KB (7,168 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Tuesday, July 9, 2013 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| Entropy: | 4.980855 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'COMSysApp' (Aplikacja systemowa modelu COM+)
- 'PrlVssProvider'
- Symantec SymSnap VSS Provider
- 'COMSysApp'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.12111885% | |
| Kernel CPU: | 0.06896480% | |
| User CPU: | 0.05215405% | |
| Kernel CPU time: | 475,287 ms/min | |
| CPU cycles: | 257,327/sec | |
| Context switches: | 16/sec | |
| Memory |
| Private memory: | 4.92 MB | |
| Private (maximum): | 10.83 MB | |
| Private (minimum): | 5.84 MB | |
| Non-paged memory: | 4.92 MB | |
| Virtual memory: | 58.72 MB | |
| Virtual memory (peak): | 66.83 MB | |
| Working set: | 7.17 MB | |
| Working set (peak): | 15.79 MB | |
| Page faults: | 28,932/min | |
| I/O |
| I/O read transfer: | 17.94 KB/sec | |
| I/O read operations: | 81/sec | |
| I/O write transfer: | 54.56 KB/sec | |
| I/O write operations: | 4/sec | |
| I/O other transfer: | 80 Bytes/sec | |
| I/O other operations: | 11/sec | |
| Resource allocations |
| Threads: | 6 | |
| Handles: | 135 | |
| GUI GDI count: | 25 | |
| GUI GDI peak: | 30 | |
| GUI USER count: | 20 | |
| GUI USER peak: | 26 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\dllhost.exe /processiC:{30d49246-d217-465f-b00b-ac9ddd652eb7}
- C:\windows\syswow64\dllhost.exe /processiC:{78fd0120-d39c-45d8-a9be-2b802b3c23e5}
- C:\windows\syswow64\dllhost.exe /processiC:{cb45d4ca-8a34-4ef1-9957-6134e5270e83}
- C:\Windows\System32\dllhost.exe /processiC:{3eb3c877-1f16-487c-9050-104dbcd66683}
- C:\Windows\System32\dllhost.exe /processiC:{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
- C:\windows\syswow64\dllhost.exe /processiC:{3f6b5e16-092a-41ed-930b-0b4125d91d4e}
- C:\Windows\System32\dllhost.exe /processiC:{f9717507-6651-4edb-bff7-ae615179bccf}
- (29 more)
|
| Owner: | User |
| Windows Service |
| Service name: | COMSysApp |
| Display name: | Aplikacja systemowa modelu COM+ |
| Description: | “Administra la configuración y el seguimiento de los componentes del Modelo de objetos componentes (COM+). Si se detiene el servicio, la mayoría de los componentes COM+ no funcionarán correctamente. Si se deshabilita este servicio, no se podrá iniciar ningún servicio que dependa específicamente de él.” |
| Type: | Win32OwnProcess |
| Parent processes: |
|
Threads
Averages
| msvcrt.dll |
| Total CPU: | 4.26252315% | |
| Kernel CPU: | 0.00211857% | |
| User CPU: | 4.26040458% | |
| CPU cycles: | 72,896,089/sec | |
| Memory: | 688 KB | |
| SHLWAPI.dll |
| Total CPU: | 0.32681038% | |
| Kernel CPU: | 0.09818648% | |
| User CPU: | 0.22862390% | |
| CPU cycles: | 8,339,182/sec | |
| Context switches: | 11/sec | |
| Memory: | 348 KB | |
| wow64.dll |
| Total CPU: | 0.01097689% | |
| Kernel CPU: | 0.00691669% | |
| User CPU: | 0.00406020% | |
| CPU cycles: | 266,842/sec | |
| Context switches: | 1/sec | |
| Memory: | 252 KB | |
| ole32.dll |
| Total CPU: | 0.00888051% | |
| Kernel CPU: | 0.00547979% | |
| User CPU: | 0.00340072% | |
| CPU cycles: | 317,079/sec | |
| Context switches: | 4/sec | |
| Memory: | 1.36 MB | |
| ntdll.dll |
| Total CPU: | 0.00704012% | |
| Kernel CPU: | 0.00601222% | |
| User CPU: | 0.00102790% | |
| CPU cycles: | 50,253/sec | |
| Memory: | 1.66 MB | |
| COMSVCS.DLL |
| Total CPU: | 0.00178388% | |
| Kernel CPU: | 0.00094586% | |
| User CPU: | 0.00083802% | |
| CPU cycles: | 83,378/sec | |
| Context switches: | 1/sec | |
| Memory: | 1.21 MB | |
| MSDTCPRX.DLL |
| Total CPU: | 0.00122988% | |
| Kernel CPU: | 0.00033542% | |
| User CPU: | 0.00089446% | |
| CPU cycles: | 45,755/sec | |
| Memory: | 584 KB | |
| DllHost.exe (main module) |
| Total CPU: | 0.00112299% | |
| Kernel CPU: | 0.00073742% | |
| User CPU: | 0.00038557% | |
| CPU cycles: | 23,910/sec | |
| Memory: | 20 KB | |
| wow64cpu.dll |
| Total CPU: | 0.00048160% | |
| Kernel CPU: | 0.00040533% | |
| User CPU: | 0.00007627% | |
| CPU cycles: | 16,504/sec | |
| Memory: | 32 KB | |
| ESENT.dll |
| Total CPU: | 0.00039448% | |
| Kernel CPU: | 0.00036493% | |
| User CPU: | 0.00002955% | |
| CPU cycles: | 9,900/sec | |
| Memory: | 1.64 MB | |
| gdiplus.dll |
| Total CPU: | 0.00001207% | |
| Kernel CPU: | 0.00001207% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 209/sec | |
| Memory: | 1.56 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
34.00% |
|
| Windows 8.1 |
19.00% |
|
| Windows 8.1 Pro |
10.00% |
|
| Windows 7 Ultimate |
9.50% |
|
| Windows 8.1 Single Language |
7.00% |
|
| Windows 7 Professional |
5.00% |
|
| Windows 8 Single Language |
3.50% |
|
| Windows 8 |
3.00% |
|
| Windows 8 Pro |
3.00% |
|
| Windows 8.1 Pro with Media Center |
2.00% |
|
| Windows Seven Black Edition |
1.00% |
|
| Windows Vista Home Premium |
1.00% |
|
| Windows 8.1 N |
0.50% |
|
| Windows 8 Enterprise N |
0.50% |
|
| Windows 7 Home Basic |
0.50% |
|
| Windows 8.1 Enterprise Evaluation |
0.50% |
|
Distribution by country
United States installs about 50.51% of COM Surrogate.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
23.17% |
|
| Hewlett-Packard |
17.37% |
|
| ASUS |
13.90% |
|
| Acer |
11.20% |
|
| Toshiba |
10.04% |
|
| Lenovo |
10.04% |
|
| Sony |
7.72% |
|
| Alienware |
2.70% |
|
| Intel |
1.54% |
|
| Samsung |
1.16% |
|
| GIGABYTE |
1.16% |
|
