svchost.exe

Host Process for Windows Services

ABDULKADIR SAHIN

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The application svchost.exe, “Host Process for Windows Services” by ABDULKADIR SAHIN, has been detected as adware by 23 anti-malware scanners. It runs as a Windows service named “svchost” in its own separate process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Microsoft Corporation  (signed by ABDULKADIR SAHIN)

Product:
Microsoft® Windows® Operating System

Description:
Host Process for Windows Services

Version:
6.1.7600.16385

MD5:
7b60305fc6e68ac0ede9532d91305cb7

SHA-1:
2f1d33b9d3b0fb529df4bc83321c974d41dc752e

SHA-256:
d915c49d3119a2c3cbfb29f67f0a53d685185bb3dd8dc6829eb611502b22d8db

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/24/2024 12:57:43 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.DL.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Agent | 2014.11.30
Avira AntiVirus | TR/Balamid.A | 7.11.189.146
avast! | MSIL:Agent-BOF [Trj] | 2014.9-141223
AVG | Luhe.MSIL.D | 2015.0.3252
Comodo Security | UnclassifiedMalware | 20237
ESET NOD32 | MSIL/TrojanDownloader.Agent.OB (variant) | 8.10802
Fortinet FortiGate | MSIL/Agent.OB!tr.dldr | 12/23/2014
IKARUS anti.virus | Trojan.Msil | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.186.14174
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2753
Malwarebytes | Trojan.MSIL.FakeMS | v2014.12.23.09
McAfee | Artemis!7B60305FC6E6 | 5600.6908
Microsoft Security Essentials | Trojan:MSIL/Balamid.A | 1.11202
Norman | Suspicious_Gen4.FRAOH | 11.20141223
Panda Antivirus | Generic Malware | 14.12.23.09
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Quick Heal | Trojan.Balamid.r4 | 12.14.14.00
Reason Heuristics | PUP.Service.ABDULKADIRSAHIN.H | 14.12.23.9
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.07AR14 | 7.2.357
Trend Micro | TROJ_SPNR.07AR14 | 10.465.23
VIPRE Antivirus | Trojan.Win32.Generic | 35266

File size:
90.8 KB (93,008 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
svchost.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/18/2013 2:00:00 AM

Valid to:
3/20/2014 1:59:59 AM

Subject:
CN=ABDULKADIR SAHIN, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=ANKARA, S=KECIOREN, C=TR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
516CAE126302D8B129C8550A077CDF6F

File PE Metadata
Compilation timestamp:
1/12/2014 3:25:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Y6hMUnTllwxAgHoHjqWWnQQr5oQ+r8/xXl0wAC+aFT:/MATQOioHtYoq/xX9AXo

Entry address:
0x162BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
81 KB (82,944 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess

