dllhost.exe
COM Surrogate by Microsoft Corporation (Signed)
Version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
MD5: | be01e566d1f569aab32d0335613e1eea |
SHA1: | 58c379b077944d2ba79c0251977e8ede3dfbc829 |
SHA256: | 997b248bfbdb290206a8496722d6102903634ec0d397694569bc237a681c088f |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is dllhost.exe?
COM Surrogate is a fancy name for a sacrificial process for a COM object that runs outside of the process that requested it. Explorer uses the COM Surrogate when extracting thumbnails, for example. If you go to a folder with thumbnails enabled, Explorer will fire off a COM Surrogate and use it to compute the thumbnails for the documents in the folder. It does this because Explorer has learned not to trust thumbnail extractors; they have a poor track record for stability.
Overview
dllhost.exe runs as a service under the name Aplikacja systemowa modelu COM+ (COMSysApp) with extensive SYSTEM privileges (full administrator access) within the context of the Service Host (SvcHost). The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows Vista and is compiled as a 32-bit program.
Details
File name: | dllhost.exe |
Publisher: | Microsoft Corporation |
Product name: | COM Surrogate |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\dllhost.exe |
File version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
Product version: | 6.0.6000.16386 |
Size: | 7 KB (7,168 bytes) |
Certificate |
Issued to: | Microsoft Corporation |
Authority (CA): | Microsoft Corporation |
Expiration date: | Tuesday, July 9, 2013 |
Digital DNA |
PE subsystem: | Windows GUI |
Entropy: | 4.980855 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'COMSysApp' (Aplikacja systemowa modelu COM+)
- 'PrlVssProvider'
- Symantec SymSnap VSS Provider
- 'COMSysApp'
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.07499347% | |
Kernel CPU: | 0.04702686% | |
User CPU: | 0.02796661% | |
Kernel CPU time: | 593,404 ms/min | |
User CPU time: | 0 ms/min | |
CPU cycles: | 302,630/sec | |
Context switches: | 2/sec | |
Memory |
Private memory: | 5.81 MB | |
Private (maximum): | 5.99 MB | |
Private (minimum): | 3.2 MB | |
Non-paged memory: | 5.81 MB | |
Virtual memory: | 46.67 MB | |
Virtual memory (peak): | 48.79 MB | |
Working set: | 4.59 MB | |
Working set (peak): | 7.15 MB | |
Page faults: | 2,277,003/min | |
I/O |
I/O read transfer: | 794.93 KB/sec | |
I/O read operations: | 33/sec | |
I/O write transfer: | 3 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 3.19 KB/sec | |
I/O other operations: | 240/sec | |
Resource allocations |
Threads: | 4 | |
Handles: | 1202 | |
GUI GDI count: | 8 | |
GUI USER count: | 4 | |
Process properties
Integrity level: | System |
Platform: | 32-bit |
Command lines: |
- C:\Windows\System32\dllhost.exe /processid:{304ce942-6e39-40d8-943a-b913c40c9cd4}
- C:\Windows\System32\dllhost.exe /processid:{02d4b3f1-fd88-11d1-960d-00805fc79235}
- C:\windows\syswow64\dllhost.exe /processid:{78fd0120-d39c-45d8-a9be-2b802b3c23e5}
- C:\Windows\System32\dllhost.exe /processid:{78fd0120-d39c-45d8-a9be-2b802b3c23e5}
- C:\windows\syswow64\dllhost.exe /processid:{304ce942-6e39-40d8-943a-b913c40c9cd4}
- C:\Windows\System32\dllhost.exe /processid:{b366debe-645b-43a5-b865-ddd82c345492}
- C:\Windows\System32\dllhost.exe /processid:{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
- (12 more)
|
Owner: | SYSTEM |
Windows Service |
Service name: | COMSysApp |
Display name: | Aplikacja systemowa modelu COM+ |
Description: | “Manages the configuration and tracking of Component Object Model (COM+) components. If the service is stopped, most COM+ components will not function properly. If this service is disabled, any services that specifically depend on it cannot be started.” |
Type: | Win32OwnProcess |
Parent processes: |
|
Threads
Averages
ole32.dll |
Total CPU: | 18.02334954% | |
Kernel CPU: | 9.55361029% | |
User CPU: | 8.46973925% | |
CPU cycles: | 473,766,034/sec | |
Memory: | 1.27 MB | |
wow64.dll |
Total CPU: | 0.60460798% | |
Kernel CPU: | 0.28316700% | |
User CPU: | 0.32144099% | |
CPU cycles: | 19,437,437/sec | |
Memory: | 276 KB | |
RPCRT4.dll |
Total CPU: | 0.02102157% | |
Kernel CPU: | 0.01579122% | |
User CPU: | 0.00523035% | |
CPU cycles: | 390,729/sec | |
Memory: | 780 KB | |
wow64cpu.dll |
Total CPU: | 0.01418049% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.01418049% | |
CPU cycles: | 6,578/sec | |
Memory: | 36 KB | |
DllHost.exe (main module) |
Total CPU: | 0.00055169% | |
Kernel CPU: | 0.00036857% | |
User CPU: | 0.00018311% | |
CPU cycles: | 7,636/sec | |
Memory: | 20 KB | |
COMSVCS.DLL |
Total CPU: | 0.00047567% | |
Kernel CPU: | 0.00020806% | |
User CPU: | 0.00026761% | |
CPU cycles: | 60,265/sec | |
Context switches: | 1/sec | |
Memory: | 1.18 MB | |
msvcrt.dll (Windows NT CRT DLL by Microsoft) |
Total CPU: | 0.00009233% | |
Kernel CPU: | 0.00009233% | |
User CPU: | 0.00000000% | |
CPU cycles: | 1,986/sec | |
Memory: | 680 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 34.00% |
Windows 8.1 | 19.00% |
Windows 8.1 Pro | 10.00% |
Windows 7 Ultimate | 9.50% |
Windows 8.1 Single Language | 7.00% |
Windows 7 Professional | 5.00% |
Windows 8 Single Language | 3.50% |
Windows 8 | 3.00% |
Windows 8 Pro | 3.00% |
Windows 8.1 Pro with Media Center | 2.00% |
Windows Seven Black Edition | 1.00% |
Windows Vista Home Premium | 1.00% |
Windows 8.1 N | 0.50% |
Windows 8 Enterprise N | 0.50% |
Windows 7 Home Basic | 0.50% |
Windows 8.1 Enterprise Evaluation | 0.50% |
Distribution by country
About 50.51% of COM Surrogate installs are in the United States.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell | 23.17% |
Hewlett-Packard | 17.37% |
ASUS | 13.90% |
Acer | 11.20% |
Toshiba | 10.04% |
Lenovo | 10.04% |
Sony | 7.72% |
Alienware | 2.70% |
Intel | 1.54% |
Samsung | 1.16% |
GIGABYTE | 1.16% |