svchost.exe

The executable svchost.exe has been detected as malware by 20 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Product: face
Version: 1, 0, 0, 1
MD5: bf0f5c2e06659c00ec4556f470a56c6d
SHA-1: 8bf45799939e903bef7917444bec1dfad7e41635
SHA-256: aa8bf038788bfc4edbf9d7976bf9c6813b7f96ffb6ddad3f317a03663a3ca35d
Scanner detections: 20 / 68
Status: Malware
Analysis date: 4/19/2024 5:21:46 PM UTC

Scan engine                      Detection                        Engine version
Lavasoft Ad-Aware                Trojan.Agent.BDZP                918
AhnLab V3 Security               Dropper/Win32.Necurs             2014.07.15
Avira AntiVirus                  TR/Crypt.ZPACK.66333             7.11.160.182
AVG                              Downloader.Generic13             2015.0.3396
Bitdefender                      Trojan.Agent.BDZP                1.0.20.1060
Dr.Web                           Trojan.DownLoad3.28912           9.0.1.0212
ESET NOD32                       Win32/Injector.BHUB (variant)    8.10094
Fortinet FortiGate               W32/Androm.EOMW!tr.bdr           7/31/2014
F-Secure                         Trojan.Agent.BDZP                11.2014-31-07_5
G Data                           Trojan.Agent.BDZP                14.7.24
IKARUS anti.virus                Backdoor.Win32.Androm            t3scan.1.6.1.0
Kaspersky                        Backdoor.Win32.Androm            14.0.0.3477
Malwarebytes                     Trojan.Kelihos                   v2014.07.31.02
McAfee                           Artemis!BF0F5C2E0665             5600.7052
Microsoft Security Essentials    Trojan:Win32/Malagent!gmb        1.10701
MicroWorld eScan                 Trojan.Agent.BDZP                15.0.0.636
NANO AntiVirus                   Trojan.Win32.Hlux.dcfoch         0.28.0.60698
Panda Antivirus                  Trj/Genetic.gen                  14.07.31.02
Sophos                           Mal/Generic-S                    4.98
Trend Micro House Call           Suspicious_GEN.F47V0713          7.2.212

File size: 96.1 KB (98,382 bytes)
Product version: 1, 0, 0, 1
Copyright: (C) 2014
Original file name: face.exe
File type: Executable application (Win64 EXE)
Language: Turkish (Turkey)
Common path: C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata

Compilation timestamp: 7/9/2014 10:59:55 AM
OS version: 4.0
OS bitness: Win64
Subsystem: Windows GUI
Linker version: 1.0
CTPH (ssdeep): 1536:R9WIRNOUzuKW3IMHXCGs7JcY8Gcs6enIZFCiqo:RQIHOCLW4GCGs7JFXcsDnCFCxo
Entry address: 0x5736
Entry point: 4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
Entropy: 5.4470
Code size: 24 KB (24,576 bytes)

Remove svchost.exe - Powered by Reason Core Security