svchospt.exe

Parents Friend V 8.0

FK2

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘svchospt’.

Publisher:
FK2

Product:
Parents Friend V 8.0

Version:
8.00.0060

MD5:
e866ff54cd90b7ea76661a179fe749ff

SHA-1:
c4cc72306946b7951a17362fcac43eeda88b5b77

SHA-256:
fea89b585fa102c18356f8606744a5d0219dbd81b67daebbb1de8abfc668b5b2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/23/2024 1:03:39 PM UTC

Scan engine:
SUPERAntiSpyware

Detection:
Trojan.Agent/Gen-Falint

Engine version:
10668

File size:
972 KB (995,328 bytes)

Product version:
8.00.0060

Copyright:
Lunasoft

Original file name:
svchospt.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\windows\syswow64\svchospt.exe

File PE Metadata
Compilation timestamp:
8/6/2011 5:06:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:eUvhrctYhJ5d9s5HlMFlnPm1ZaWv+0gjx+zRgia/jICGZyp/on:NnXsfMDPmDo7jqSiCICGZyk

Entry address:
0x5B88

Entry point:
68, D8, 54, 44, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 23, 49, 52, 89, C8, C0, 4B, 4F, B7, 06, 85, 62, 3E, DA, E6, 78, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 82, 50, 83, 01, 50, 61, 72, 65, 6E, 74, 73, 46, 72, 69, 65, 6E, 64, 00, 20, 06, 00, 00, 00, 00, FF, CC, 31, 00, 9D, 2E, 85, E9, 29, 9E, 9F, CF, 42, B5, F8, FD, DE, 93, A4, 8C, 68, 59, C4, F6, 0E, 71, BE, BE, 46, BA, 17, F6, A0, 18, 1B, 31, 87, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
956 KB (978,944 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
svchospt

Command:
C:\windows\syswow64\svchospt.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to w92.rzone.de  (81.169.145.146:80)

Scan svchospt.exe - Powered by Reason Core Security