svchost.exe

Catalyst Control Center

ATI Technologies.

The executable svchost.exe ("Catalyst Center: Host application") has been detected as malware by 6 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name 'svchost.exe'. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Remove svchost.exe - Powered by Reason Core Security
Publisher:
ATI Technologies.

Product:
Catalyst Control Center

Description:
Catalyst Center: Host application

Version:
4.4.0.0

MD5:
689500411346f4cbfa09bebb5d2a55ad

SHA-1:
86be4a69de3ca00d4a2b26b70ad8fb05cbc89166

SHA-256:
0ded72d78da67e84ae16557b794d40dbd3525541dd18ad08a63eafcc19372653

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/5/2016 1:37:03 AM UTC

Scan engine          Detection                    Engine version
Avira AntiVirus      TR/Changeling.A.1193         7.11.139.0
avast!               Win32:Malware-gen            2014.9-140610
AVG                  Autoit_c                     2015.0.3447
G Data               Win32.Trojan.Agent.CEXY9Y    14.6.24
Kaspersky            Trojan.Win32.Reconyc         14.0.0.3732
Qihoo 360 Security   HEUR/Malware.QVM10.Gen       1.0.0.1015

File size:
2 MB (2,123,413 bytes)

Product version:
4.5.0.0

Copyright:
2012-2014

Original file name:
CeC.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\svchost.exe

File PE Metadata
Compilation timestamp:
3/7/2010 6:08:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:BfmMv6Cvr7+nyHQSMLNtzoDEUJRfnjLL9nvsxfUbBqpt6tcNTbQj4HTyA27gK:B3vF7RHQHLH8Tfjn9APUtcNgj4zk

Entry address:
0x16310

Entry point:
E8, A7, C0, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, E0, 94, 4A, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 65, 04, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 94, 64, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C...
 

Entropy:
7.3417

Code size:
512.5 KB (524,800 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
svchost.exe

Command:
"C:\users\{user}\appdata\roaming\svchost.exe"

