svchost.exe

Onur Karagoz

The executable svchost.exe has been detected as malware by 28 anti-virus scanners. It runs as a standalone Windows service named “svchost” (service type Win32OwnProcess, i.e. within the context of its own process). Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) binary distributed with the OS: the genuine one lives under %SystemRoot%\System32, whereas this file is found at the path listed below under C:\ProgramData.
Publisher:
Onur Karagoz (signed and verified)

Version:
1.0.0.0

MD5:
7b0169b6fd97fab97d82f39bbae2a9d2

SHA-1:
0fe860e136269f819ad83c3edd19673ac7dadc9d

SHA-256:
5bc425471f753bb6098fb243c07deed96485837b7325eb074e8d5d5c54d8ebe4

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
5/1/2024 8:43:12 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2140259 | 532
Agnitum Outpost | Trojan.Bamgadin | 7.1.1
Avira AntiVirus | TR/Dropper.MSIL.124137 | 8.3.1.6
Arcabit | Trojan.Generic.D20A863 | 1.0.0.425
AVG | MSIL6 | 2016.0.3010
Baidu Antivirus | Trojan.MSIL.Bamgadin | 4.0.3.15821
Bitdefender | Trojan.GenericKD.2140259 | 1.0.20.1165
Comodo Security | UnclassifiedMalware | 22867
Emsisoft Anti-Malware | Trojan.GenericKD.2140259 | 8.15.08.21.03
ESET NOD32 | MSIL/Bamgadin (variant) | 9.11997
Fortinet FortiGate | MSIL/Bamgadin.D!tr | 8/21/2015
F-Secure | Trojan.GenericKD.2140259 | 11.2015-21-08_6
G Data | Trojan.GenericKD.2140259 | 15.8.25
IKARUS anti.virus | Trojan.MSIL.Bamgadin | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.207.16684
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1547
McAfee | Artemis!7B0169B6FD97 | 5600.6666
Microsoft Security Essentials | TrojanClicker:MSIL/Balamid.B | 1.1.11903.0
MicroWorld eScan | Trojan.GenericKD.2140259 | 16.0.0.699
NANO AntiVirus | Trojan.Win32.Bamgadin.dnkigs | 0.30.24.2668
nProtect | Trojan.GenericKD.2140259 | 15.07.23.01
Panda Antivirus | Trj/CI.A | 15.08.21.03
Quick Heal | TrojanClicker.Balamid.r4 | 8.15.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.07AN15 | 7.2.233
Trend Micro | TROJ_SPNR.07AN15 | 10.465.21
VIPRE Antivirus | Trojan.Win32.Clicker | 42344
Zillya! Antivirus | Trojan.Bamgadin.Win32.16 | 2.0.0.2316

File size:
106.3 KB (108,816 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
SV.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/13/2014 4:00:00 AM

Valid to:
11/14/2015 3:59:59 AM

Subject:
CN=Onur Karagoz, O=Onur Karagoz, STREET=UĞURMUMCU MAH. UĞURMUMCU CAD., STREET=184 ÇATIEVLER SİTESİ, STREET=BLOK:C D:210, L=Ankara, S=Yenimahalle, PostalCode=06370, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CD82F99CAD17F58E443C98C1BD258CBA

File PE Metadata
Compilation timestamp:
11/19/2014 8:42:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:kW8SLeosiYNeuTtjZzHlNXPBqftYbax6RZYJUkK7EMtsfckla9:kSSo9YNeG54GOIRuJx+EM83a9

Entry address:
0x1A85E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
98.5 KB (100,864 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess
