svchost.exe

hania

The executable svchost.exe has been detected as malware by 9 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘ba4c12bee3027d94da5c81db2d196bfd’. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Product:
hania

Version:
1.0.0.0

MD5:
cb19a602059bb843283456f0d3f35f19

SHA-1:
31ec4593f990194795d434da0c5099f827b6d889

SHA-256:
ca5a531b62e320760b5d64f7e027aef31884e036aa2b8c852fa418a133b3f89f

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/25/2024 6:59:39 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.11194135 | 1022
avast! | Win32:Malware-gen | 2014.9-140419
Baidu Antivirus | Trojan.Win32.Generik.IEFTRXL | 4.0.3.14419
Bitdefender | Trojan.Generic.11194135 | 1.0.20.545
Emsisoft Anti-Malware | Trojan.Generic.11194135 | 8.14.04.19.08
ESET NOD32 | Generik.IEFTRXL (variant) | 8.9670
Fortinet FortiGate | W32/Generik.IEFTRXL!tr | 4/19/2014
G Data | Trojan.Generic.11194135 | 14.4.24
MicroWorld eScan | Trojan.Generic.11194135 | 15.0.0.327

File size:
312.5 KB (320,000 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
hania.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata
Compilation timestamp:
3/28/2014 10:31:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1bzBqFmJ8+GCB37CEcMS/5w5TAnM6I3bBDGp0GrXcRSk:7qFmLGg37CN7pnM6WbBK

Entry address:
0x492FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2879

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
285 KB (291,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ba4c12bee3027d94da5c81db2d196bfd

Command:
"C:\users\{user}\appdata\local\temp\svchost.exe"..

