» svchost.exe
Overview
Analysis
File Details

svchost.exe

Select'Assistance Pro

The executable svchost.exe has been detected as malware by 7 anti-virus scanners. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.

File name:

svchost.exe

Publisher:

Microsoft® Windows® Operating System (signed by Select'Assistance Pro)

Product:

Microsoft® Windows® Operating System

Description:

svchost.exe

Version:

3.3.9200.16420

MD5:

fda93cdaf0ba78464791cd9782417596

SHA-1:

61ad7335ea3316f8a7112846f4599b472b2acc9a

SHA-256:

26a945cb2e5ef0e204589c922966a7d39ae0fcffa9bd98e967134e95350d3754

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

4/29/2024 10:20:31 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Ramnit.A

7.11.30.172

AVG

MSIL8

2016.0.2947

ESET NOD32

MSIL/Packed.EzirizNetReactor.AD trojan

7.0.302.0

Kaspersky

Trojan.Win32.Reconyc

14.0.0.1231

NANO AntiVirus

Trojan.Win32.Reconyc.dutwki

0.30.26.3947

Panda Antivirus

Trj/CI.A

15.10.23.07

Rising Antivirus

PE:Malware.RDM.36!5.2A[F1]

23.00.65.151021

File size:

320.2 KB (327,864 bytes)

Product version:

3.3.9200.16420

Trademarks:

Microsoft Fonction Basic

Original file name:

Project35.3.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\programme files(35.3)\svchost.exe

Digital Signature

Signed by:

Select'Assistance Pro

Authority:

DigiCert Inc

Valid from:

4/3/2014 2:00:00 AM

Valid to:

4/7/2017 2:00:00 PM

Subject:

CN=Select'Assistance Pro, O=Select'Assistance Pro, L=Strasbourg, C=FR

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

055B429F44BDEC64C1AC6E0873322026

File PE Metadata

Compilation timestamp:

5/7/2015 8:51:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:8m/mklyC9Em0cLxiYJubLIfBAt82c4bk0cD:J/mk4C9EeiYJubLIfy/cD

Entry address:

0x4B22E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

293 KB (300,032 bytes)

Remove svchost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.