svchost.exe

The executable svchost.exe has been detected as malware by 19 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
MD5: 47efaef7bf8033f51771a907bd10742c
SHA-1: 06a0d179d60aef943ce9e68cd3a4e6d3aa24fd23
SHA-256: 7047422feb1e02c50a8be60bf168ea745e1f9b72f2ada8e524e8d32ccbba6a34
Scanner detections: 19 / 68
Status: Malware
Analysis date: 4/19/2024 7:44:22 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.145797 | 827
Avira AntiVirus | TR/Graftor.145797 | 7.11.157.220
avast! | Win32:Malware-gen | 2014.9-141030
AVG | Downloader.Small | 2015.0.3305
Bitdefender | Gen:Variant.Graftor.145797 | 1.0.20.1515
Bkav FE | HW32.CDB | 1.3.0.4959
Dr.Web | Trojan.DownLoad3.28650 | 9.0.1.0303
Emsisoft Anti-Malware | Gen:Variant.Graftor.145797 | 8.14.10.30.08
ESET NOD32 | Win32/TrojanDownloader.Wauchos.AE | 8.10026
Fortinet FortiGate | W32/Wauchos.AE!tr.dldr | 10/30/2014
F-Secure | Gen:Variant.Graftor.145797 | 11.2014-30-10_5
G Data | Gen:Variant.Graftor.145797 | 14.10.24
Kaspersky | Backdoor.Win32.Androm | 14.0.0.3021
McAfee | Artemis!47EFAEF7BF80 | 5600.6961
MicroWorld eScan | Gen:Variant.Graftor.145797 | 15.0.0.909
Panda Antivirus | Trj/CI.A | 14.10.30.08
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 30840

File size: 65.5 KB (67,072 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\ProgramData\svchost.exe

File PE Metadata
Compilation timestamp: 6/26/2014 8:36:41 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 1536:cMg+fSP2iYPKo/wYCmzCEU27O4WFhj9euDGXR:VgLXmy1meELi4WFhjsuDGXR
Entry address: 0x4A70

Entry point:
55, 8B, EC, 81, EC, A8, 00, 00, 00, 56, C6, 45, E7, FE, B8, 01, 01, 00, 00, 66, 89, 45, C4, C6, 45, DF, 88, B9, CB, 00, 00, 00, 66, 89, 4D, E8, BA, 80, 00, 00, 00, 66, 89, 55, E0, B8, 38, 00, 00, 00, 66, 89, 45, B0, C7, 45, F0, EA, 00, 00, 00, C6, 45, B7, 72, C7, 45, C0, E9, 00, 00, 00, B9, 3B, 00, 00, 00, 66, 89, 4D, D0, C7, 45, B8, DF, 00, 00, 00, C7, 45, F4, 1A, 00, 00, 00, C7, 45, A4, 1D, 00, 00, 00, BA, B7, 00, 00, 00, 66, 89, 55, FC, C6, 45, D7, 98, C7, 45, EC, 0A, 00, 00, 00, 0F, BF, 45, FC, 8B, 0D...
 

Entropy: 7.1358
Developed / compiled with: Microsoft Visual C++
Code size: 39 KB (39,936 bytes)

Policies Explorer Run
Name: 33672

