svchost.exe

Select'Assistance Pro

The executable svchost.exe has been detected as malware by 10 of 68 anti-virus scanners. It is set to start automatically when the user logs into Windows via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the entry name ‘Sidebar(x34) Build19’, from a folder under %APPDATA% whose name imitates “Program Files (x86)”. Although the file is named svchost.exe and its version information claims to belong to the Microsoft® Windows® Operating System, this is NOT the Windows SvcHost (Service Host) distributed with the OS: the genuine svchost.exe lives in %SystemRoot%\System32 (and SysWOW64), is signed by Microsoft, and is started by the Service Control Manager, never from a per-user Run key. This file is a 32-bit .NET executable whose version resource gives the original file name as garcon.exe, and its Authenticode signature was issued to Select'Assistance Pro (Strasbourg, France), not to Microsoft; ESET's detection name identifies the packer as Eziriz .NET Reactor.
Publisher:
Microsoft® Windows® Operating System  (signed by Select'Assistance Pro)

Product:
Microsoft® Windows® Operating System

Description:
svchost.exe

Version:
6.2.9200.16420

MD5:
9f13739d2d57d9e44a90d2c49b4b6d75

SHA-1:
43fc305145d0f544c1a62660391d241b57f00874

SHA-256:
5bab773e060b18edca9348984269600a5980373af05073099c7014116a47dd2c

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/25/2024 4:09:21 PM UTC

Scan engine                    Detection                                  Engine version
avast!                         MSIL:Agent-CHS [Trj]                       160414-2
Emsisoft Anti-Malware          Gen:Variant.MSIL.Lynx.14                   11.5.0.6191
ESET NOD32                     MSIL/Packed.EzirizNetReactor.AD trojan     8.0.319.0
F-Secure                       Variant.MSILPerseus.1806                   5.15.21
G Data                         Win32.Trojan.Agent.Z1E4CX                  16.6.24
IKARUS anti.virus              Trojan.Win32.Agent                         t3scan.1.6.1.0
McAfee                         Trojan.Artemis!9F13739D2D57                18.0.204.0
Microsoft Security Essentials  Threat.Undefined                           1.223.2587.0
Norman                         Gen:Variant.MSILPerseus.1806               19.05.2016 01:04:49
Qihoo 360 Security             HEUR/Malware.QVM03.Gen                     1.0.0.1015

File size:
261.7 KB (267,960 bytes)

Product version:
6.2.9200.16420

Copyright:
© Microsoft Corporation. All rights reserved.

Trademarks:
Microsoft Fonction Basic

Original file name:
garcon.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\programme files(x34)build19\svchost.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/3/2014 1:00:00 AM

Valid to:
4/7/2017 1:00:00 PM

Subject:
CN=Select'Assistance Pro, O=Select'Assistance Pro, L=Strasbourg, C=FR

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06CE209477F1AC19A2049BDC5846A831

File PE Metadata
Compilation timestamp:
5/3/2014 12:30:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:8wWxp8zPwmxuli5LWMsmRImofHrdOruBI6QsSc48cRCG1cnOG61Go:ep8z4mZBofIwBQs/8CG1cnOOo

Entry address:
0x3C8DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
(FF 25 00 20 40 00 is jmp dword ptr [0x402000], the standard native entry stub of a 32-bit .NET executable that transfers control to mscoree.dll!_CorExeMain; the bytes that follow are zero padding, consistent with the ".NET CLR dependent: Yes" flag below.)

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
234.5 KB (240,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Sidebar(x34) Build19

Command:
C:\users\{user}\appdata\roaming\programme files(x34)build19\svchost.exe
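The following PowerShell triage script is an added example; it is not code from the original page or from Reason Core Security. It enumerates the current user's Run key described above and applies the checks the indicators on this page call for: a file named svchost.exe launched from outside System32/SysWOW64, a version-info CompanyName that claims Microsoft while the Authenticode signer is someone else (here Select'Assistance Pro), an OriginalFilename (garcon.exe) that differs from the on-disk name, and a SHA-256 match against the hash listed above. The known-bad hash is the one on this page; the helper names Get-ExePathFromCommand and Test-RunEntry are my own, and the script assumes it is run on the affected machine as the affected user with PowerShell 5.1 or later.

```powershell
# Added triage example, not part of the original page.
# Known-bad SHA-256 taken from the page above; extend the list as needed.
$KnownBadSha256 = @('5BAB773E060B18EDCA9348984269600A5980373AF05073099C7014116A47DD2C')
$SystemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Get-ExePathFromCommand {
    param([string]$Command)
    # Run-key values may be quoted and carry arguments; keep the executable part only.
    if ($Command -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)')  { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-RunEntry {
    param([string]$Name, [string]$Command)
    $findings = @()
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePathFromCommand $Command))
    if (-not (Test-Path -LiteralPath $exe)) {
        return [pscustomobject]@{ Name = $Name; Path = $exe; Findings = @('target missing on disk') }
    }
    $file = Get-Item -LiteralPath $exe
    $dir  = $file.DirectoryName

    # 1. A well-known system binary name living outside the system directories.
    if ($file.Name -ieq 'svchost.exe' -and -not ($SystemDirs | Where-Object { $dir -ieq $_ })) {
        $findings += "svchost.exe outside System32/SysWOW64: $dir"
    }

    # 2. Publisher claimed in the PE version resource vs. the actual Authenticode signer.
    $sig     = Get-AuthenticodeSignature -FilePath $exe
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $company = $file.VersionInfo.CompanyName
    if ($company -match 'Microsoft' -and $signer -notmatch 'O=Microsoft Corporation') {
        $findings += "CompanyName '$company' but signed by '$signer' (status: $($sig.Status))"
    }
    if ($sig.Status -ne 'Valid') { $findings += "signature status: $($sig.Status)" }

    # 3. OriginalFilename in the version resource vs. the name on disk.
    $orig = $file.VersionInfo.OriginalFilename
    if ($orig -and ($orig -ine $file.Name)) {
        $findings += "OriginalFilename '$orig' differs from on-disk name '$($file.Name)'"
    }

    # 4. Known-bad hash match.
    $sha = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    if ($KnownBadSha256 -contains $sha) { $findings += "SHA-256 matches known-bad sample: $sha" }

    [pscustomobject]@{ Name = $Name; Path = $exe; SHA256 = $sha; Signer = $signer; Findings = $findings }
}

# Walk every value under the per-user Run key and report only entries with findings.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$props  = Get-ItemProperty -Path $runKey
$props.PSObject.Properties |
    Where-Object { $_.Name -notmatch '^PS' } |    # drop PSPath/PSParentPath/... provider metadata
    ForEach-Object { Test-RunEntry -Name $_.Name -Command ([string]$_.Value) } |
    Where-Object { $_.Findings.Count -gt 0 } |
    Format-List Name, Path, SHA256, Signer, Findings
```

The script only reads; once the sample has been collected, remediation is removing the Run value (Remove-ItemProperty on the key above with the entry name) and deleting the file. Treat the signer check as corroborating evidence rather than proof on its own: on older Windows versions catalog-signed Microsoft binaries can report NotSigned to Get-AuthenticodeSignature, so a hit on the path and hash checks is what confirms this particular sample.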


Remove svchost.exe - Powered by Reason Core Security