svchost.exe

Aurora

Supersoft

The application svchost.exe by Supersoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS. It is also typically executed from the user's temporary directory.
Publisher:
Firefox and Mozilla Developers  (signed by Supersoft)

Product:
Aurora

Version:
25.0.0.4994

MD5:
fae313752329c9c6b11ac6d56ac94621

SHA-1:
80b57dea3094730b9d134151c3726f340091ce8c

SHA-256:
3bb0af70e3ec6ab85932648f2f5a18f14e14a55f3894d62f4977e7a95557eff5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 8:53:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Supersof (M)

Engine version:
16.4.29.17

File size:
44.2 KB (45,248 bytes)

Product version:
25.0.0.0

Copyright:
Copyright (C) 1999-2013 Firefox and Mozille; MPL 2 license. All rights reserved.

Original file name:
Aurora

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

Digital Signature
Signed by:

Authority:
Supersoft

Valid from:
9/30/2012 10:26:38 AM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=Supersoft

Issuer:
CN=Supersoft

Serial number:
6B50254A40C7CFB14A405056B8F04272

File PE Metadata
Compilation timestamp:
9/5/2013 7:11:11 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:K21f6aYiQQ991l55e0M3fxmM88sc2iNI5Fruis5Xk9Z8H+mkn/mQb:zf1P71TM3fxmM87XiyOtXKZm+mkn/Lb

Entry address:
0x11136

Entry point:
E9, C5, 1E, 00, 00, E9, 40, 0F, 00, 00, E9, EB, 30, 00, 00, E9, C8, 20, 00, 00, E9, B7, 20, 00, 00, E9, FC, 0A, 00, 00, E9, D7, 01, 00, 00, E9, 94, 36, 00, 00, E9, EE, 31, 00, 00, E9, 62, 30, 00, 00, E9, 53, 0C, 00, 00, E9, A6, 20, 00, 00, E9, 86, 30, 00, 00, E9, DD, 30, 00, 00, E9, 65, 36, 00, 00, E9, 47, 31, 00, 00, E9, A5, 20, 00, 00, E9, A6, 20, 00, 00, E9, 51, 29, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
18 KB (18,432 bytes)
