svchost.exe

The application svchost.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘svchost’. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Version:
5.0.0.525

MD5:
d8c804554b77554daf1291a58dc63ba7

SHA-1:
0b1c31407b27fd1f041c568c052015c0aaec6115

SHA-256:
8db1e5976d2ba10c4a67910d5e349da8f831af3a09fc3202a4b1c852b892fbb7

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:07:48 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | W32.W.Deecee | 2.1.4+ |
| Avira AntiVirus | SPR/ActualSpy.B | 8.3.3.2 |
| avast! | Win32:Trojan-gen | 2014.9-170316 |
| AVG | Logger | 2018.0.2438 |
| Comodo Security | UnclassifiedMalware | 24247 |
| Dr.Web | Trojan.ActualSpy.399 | 9.0.1.075 |
| ESET NOD32 | Win32/OrvellMonitoring.500 potentially unsafe | 11.13047 |
| Fortinet FortiGate | Riskware/ActualSpy | 3/16/2017 |
| F-Prot | W32/Monitor.SM | v6.4.7.1.166 |
| G Data | Win32.Application.Agent.FTKSKC | 17.3.25 |
| IKARUS anti.virus | not-a-virus:Monitor.Win32.ActualSpy | t3scan.2.0.6.0 |
| K7 AntiVirus | Trojan | 13.213.18781 |
| Kaspersky | not-a-virus:Monitor.Win32.ActualSpy | 14.0.0.-1316 |
| McAfee | Generic PUP.x!bj | 5600.6094 |
| Microsoft Security Essentials | MonitoringTool:Win32/ActualSpy | 1.1.12400.0 |
| NANO AntiVirus | Riskware.Win32.ActualSpy.ddctkz | 1.0.14.6204 |
| Panda Antivirus | Generic Malware | 17.03.16.06 |
| Qihoo 360 Security | Win32/Trojan.2ff | 1.0.0.1120 |
| Quick Heal | MonitoringTool.ActualSpy.r8 (Not a Virus) | 3.17.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.17314 |
| Sophos | Mal/Behav-417 | 4.98 |
| Trend Micro House Call | Dialer_Win32Dial | 7.2.75 |
| Trend Micro | Dialer_Win32Dial | 10.465.16 |
| VIPRE Antivirus | Actual Spy | 47290 |

File size:
888 KB (909,312 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\windows\svchost.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xBFA60

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 00, F7, 4B, 00, E8, EB, 79, F4, FF, 68, 14, FB, 4B, 00, 6A, 00, 6A, 00, E8, F5, 7C, F4, FF, 8B, D8, 6A, 00, 53, E8, 03, 80, F4, FF, 3D, 02, 01, 00, 00, 74, 7D, A1, 2C, 39, 4C, 00, 8B, 00, E8, 40, 49, FB, FF, E8, BB, CE, FE, FF, 8B, 0D, A0, 37, 4C, 00, A1, 2C, 39, 4C, 00, 8B, 00, 8B, 15, 28, 5E, 4B, 00, E8, 3B, 49, FB, FF, 8B, 0D, 64, 36, 4C, 00, A1, 2C, 39, 4C, 00, 8B, 00, 8B, 15, A4, 59, 4B, 00, E8, 23, 49, FB, FF, A1, 98, 39, 4C, 00, 8A, 00, 8B, 15, 2C, 39, 4C, 00, 8B, 12...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
763 KB (781,312 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
svchost

Command:
C:\windows\svchost.exe

