home

svchost..exe

WindowsFormsApplication5

The executable svchost..exe, “Host Process for Windows Services” has been detected as malware by 39 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match)

Product:
WindowsFormsApplication5

Description:
Host Process for Windows Services

Version:
1.0.0.0

MD5:
add24f826b396675b744ae470a031d00

SHA-1:
531c54d82b201966e757c6125ae7fd0f6402db9f

SHA-256:
eeec7d3bbe0cf98b6bee988554e72f0d00d9c0f0cb4354053d4e3e5851adc3ae

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/19/2024 3:19:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Worm.Generic.357426
734

Agnitum Outpost
Worm.Agent
7.1.1

AhnLab V3 Security
Win-Trojan/Agent.29184.ANC
2015.01.26

Avira AntiVirus
Worm/Small.Y.6
7.11.205.54

avast!
MSIL:Agent-ABU [Trj]
2014.9-150201

AVG
Small
2016.0.3212

Baidu Antivirus
Worm.MSIL.Agent
4.0.3.1521

Bitdefender
Worm.Generic.357426
1.0.20.160

Clam AntiVirus
Win.Trojan.Agent-340208
0.98/21511

Comodo Security
Worm.MSIL.Agent.AT
20850

Dr.Web
Trojan.MulDrop3.30524
9.0.1.032

Emsisoft Anti-Malware
Worm.Generic.357426
8.15.02.01.03

ESET NOD32
MSIL/Agent.AT
9.11073

Fortinet FortiGate
MSIL/Agent.AT!worm
2/1/2015

F-Prot
W32/Small.IJ
v6.4.7.1.166

F-Secure
Worm.Generic.357426
11.2015-01-02_1

G Data
Worm.Generic.357426
15.2.24

IKARUS anti.virus
Worm.Win32.Msil
t3scan.1.8.6.0

K7 AntiVirus
Riskware
13.192.14752

Kaspersky
Worm.MSIL.Agent
14.0.0.2554

Malwarebytes
Trojan.MSIL
v2015.02.01.03

McAfee
W32/IRCbot.gen.a
5600.6868

Microsoft Security Essentials
Worm:Win32/Small.Y
1.11302

MicroWorld eScan
Worm.Generic.357426
16.0.0.96

NANO AntiVirus
Trojan.Win32.Agent.dcieux
0.30.0.64812

Norman
Agent.AKXUE
11.20150201

nProtect
Worm/W32.Agent.29184.L
15.01.23.01

Qihoo 360 Security
Win32/Worm.380
1.0.0.1015

Quick Heal
Worm.Small.Y3
2.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.14C625AB!348530091
23.00.65.15130

Sophos
Mal/MSIL-EY
4.98

SUPERAntiSpyware
Trojan.Agent/Gen
10081

Total Defense
Win32/Small.AHR
37.0.11405

Trend Micro House Call
TROJ_SPNR.06AJ12
7.2.32

Trend Micro
TROJ_SPNR.06AJ12
10.465.01

Vba32 AntiVirus
Worm.MSIL.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36988

ViRobot
Trojan.Win32.S.Agent.29184.KE[h]
2014.3.20.0

Zillya! Antivirus
Worm.Agent.Win32.4371
2.0.0.2045

File size:
28.5 KB (29,184 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2011

Original file name:
WindowsFormsApplication5.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost..exe

File PE Metadata
Compilation timestamp:
1/1/2009 12:41:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:1olzG1c+PSaMFGHynLLLrst59BvIkw2fLFLbL5tAW4woaPWjqDK7j+kaoXpm8aGm:2ASaMFGSLPKrZfbAW4wo6Dd3iqGXH5i

Entry address:
0x5FEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 48, 00, 00, 80, 10, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 7F, 00, 00, A8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8485

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)

User Start Menu Item
Name:
svchost..exe


Remove svchost..exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.