svchost.exe

The executable svchost.exe has been detected as malware by 37 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from minecraft-alex.ru.
MD5:
9d2890095ea235d8c6d7e7927b75615d

SHA-1:
8f244e5c302ab84d581b179747fd5c654796c1d4

SHA-256:
06062b7db408e33a39704e1ae2640b7589109cb3ec566bbaced3c5177d6a9fd2

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/26/2024 1:49:57 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Barys.7348 | 384
Agnitum Outpost | Trojan.RatJn.Gen.MG | 7.1.1
AhnLab V3 Security | Trojan/Win32.Generic | 2015.12.15
Avira AntiVirus | TR/ATRAPS.Gen | 8.3.2.4
Arcabit | Trojan.Barys.D1CB4 | 1.0.0.629
avast! | MSIL:Agent-CTT [Trj] | 2014.9-160117
AVG | PSW.ILUSpy | 2017.0.2862
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.16117
Bitdefender | Gen:Variant.Barys.7348 | 1.0.20.85
Clam AntiVirus | Win.Backdoor.Bladabindi-1 | 0.98/21511
Comodo Security | TrojWare.MSIL.Bladabindi.KX | 23764
Dr.Web | Trojan.DownLoader10.29092 | 9.0.1.017
Emsisoft Anti-Malware | Gen:Variant.Barys.7348 | 8.16.01.17.10
ESET NOD32 | MSIL/Bladabindi.AS (variant) | 10.12719
Fortinet FortiGate | MSIL/Agent.PPV!tr | 1/17/2016
F-Prot | W32/MSIL_Bladabindi.A2.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Barys.7348 | 11.2016-17-01_1
G Data | Gen:Variant.Barys.7348 | 16.1.25
IKARUS anti.virus | Trojan.Msil | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18097
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.803
Malwarebytes | Trojan.Agent.MSIL | v2016.01.17.10
McAfee | BackDoor-NJRat!9D2890095EA2 | 5600.6518
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12300.0
MicroWorld eScan | Gen:Variant.Barys.7348 | 17.0.0.51
NANO AntiVirus | Trojan.Win32.DownLoader10.ctopxm | 1.0.10.5081
Panda Antivirus | Trj/CI.A | 16.01.17.10
Qihoo 360 Security | Win32/Trojan.81a | 1.0.0.1077
Quick Heal | Backdoor.Bladabindi.AL3 | 1.16.14.00
Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 [F] | 23.00.65.16115
Sophos | Mal/Bbindi-C | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Barys | 9380
Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.17
Trend Micro | BKDR_BLADABI.SMC | 10.465.17
VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 45826
ViRobot | Trojan.Win32.S.Agent.29184.AWM[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Bladabindi.Win32.15117 | 2.0.0.2561

File size:
28.5 KB (29,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata
Compilation timestamp:
8/9/2015 9:03:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:64Th+4r5Y5gMiufvF+BTzSp4Yx/ll/EgTx/pxn3//q0LE2hYmbicoxwiaevLjnJ:6AVr5OykvcB2tNEG/ptq0LQmbsFv

Entry address:
0x891E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
26.5 KB (27,136 bytes)

The file svchost.exe has been seen being distributed by the following URL.
