svchost.exe

Microsoft Windows Operating System

Microsoft Corporation

The Windows Service Host (SvcHost) is a system process that hosts multiple Windows services in a shared process. Services that run in SvcHost are implemented as dynamically-linked libraries (DLLs). It runs as a Windows service named “Microsoft .NET Framework NGEN v3.0.42936_X86”.

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft(R) Windows(R) Operating System

Description:
Microsoft Corporation

Version:
2, 0, 0, 0

MD5:
5ee1e5a4d1bb0afd234fe8d7f70b0deb

SHA-1:
32929c807ae2c3cd740e76ba78145a6c3f79240f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 5:02:28 PM UTC  (today)

File size:
679.7 KB (696,024 bytes)

Product version:
2, 0, 0, 0

Copyright:
Copyright © 2009

Original file name:
Server.dll

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\windows\system\svchost.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
5/25/2014 9:30:00 PM

Valid to:
5/25/2024 9:30:00 PM

Subject:
CN=Microsoft Corporation

Issuer:
CN=Microsoft Corporation

Serial number:
92FA610A5F0A9AB54380316ECF72F40B

File PE Metadata
Compilation timestamp:
3/18/2014 8:10:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UxcDO4rd4ruS0vUSFIF8rQoXY+t6Uv8iMROqNcvpXo8MHLTvsg7GPjg6dDFlh94e:eordquc8Q3+t6UvAO5hjsTvtSLtDNWe

Entry address:
0xBEA30

Entry point:
E9, F2, 74, 09, 00, 9C, C7, 44, 24, 44, 96, 10, E8, 4B, FF, 74, 24, 04, 51, 8D, 64, 24, 4C, E9, A6, 25, 0A, 00, 69, 7D, 21, E4, 53, C9, C7, 5D, 81, BD, 71, 2D, 75, 30, 00, 00, AC, A6, FF, CF, 24, 9A, 6E, 42, 48, F2, DE, C7, D1, 4D, 26, 3C, 59, D3, CF, C3, 7F, 93, FF, B3, 9F, E3, 9F, EC, 5E, 71, C7, BB, C8, 74, A3, 12, 12, 40, F1, ED, 45, F5, BE, C4, 60, 5F, 0A, 40, 7C, 8B, 01, 11, CA, 03, EA, C7, D5, 44, 36, 3A, E2, 5A, 85, 74, 74, 98, 34, 14, 60, 7B, D1, E7, 9F, 03, 5F, 27, 53, DB, 4B, 57, 0B, 01, 9E, C1...
 

Entropy:
7.9516

Packer / compiler:
Xtreme-Protector v1.05

Code size:
12 KB (12,288 bytes)

Service
Display name:
Microsoft .NET Framework NGEN v3.0.42936_X86

Service name:
clr_optimization_v3.0.42936_32

Description:
Microsoft .NET Framework NGEN

Type:
Win32OwnProcess, InteractiveProcess