svchost.exe

AlwaysUpService

Core Technologies Consulting, LLC

It runs as a separate Windows service (within the context of its own process) named “Java Updater”.
Publisher:
Core Technologies Consulting, LLC  (signed and verified)

Product:
AlwaysUpService

Version:
8, 0, 7, 65

MD5:
1b995441a1d07c594bc1b8d82f20929d

SHA-1:
96b8e99caeb4c77cf1ee88fb83586d53aab929d8

SHA-256:
66e7676535db505fbb876840e677631ca0b8b5d81b79c08de6b3ed3da2e14589

Scanner detections:
5 / 68

Status:
Clean  (5 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/18/2024 12:42:24 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

Bkav FE
W32.Clod3df.Trojan
1.3.0.4959

IKARUS anti.virus
not-a-virus:RiskTool.Win32
t3scan.1.7.8.0

Kaspersky
not-a-virus:RiskTool.Win32.AlwaysUp
14.0.0.2363

Trend Micro House Call
Suspicious_GEN.F47V0914
7.2.70

File size:
674 KB (690,208 bytes)

Product version:
8, 0, 7, 65

Copyright:
© 2001-2012, Core Technologies Consulting, LLC

Original file name:
AlwaysUpService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\ehome\svchost.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/9/2012 1:00:00 AM

Valid to:
3/10/2017 12:59:59 AM

Subject:
CN="Core Technologies Consulting, LLC", O="Core Technologies Consulting, LLC", STREET=7028-B Thornhill Drive, L=Oakland, S=CA, PostalCode=94611, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D00935DF99CBA1C55CAFE1BFAB858701

File PE Metadata
Compilation timestamp:
8/4/2012 1:44:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:1CosLrtRbBmDsq5JN6Rnd2wJUUkJ8TwHJoqqVM93qw:1Co61gr6FdRLTwH6PM93qw

Entry address:
0x1000

Entry point:
B8, 80, 8F, 61, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, CA, 04, 41, 2D, 2A, 8E, D3, D7, 6E, 00, 59, CA, EC, DC, A4, D5, 47, 82, B7, 9A, 30, 32, 55, 1C, 81, CE, FF, E3, E5, 17, 1D, BC, D3, 07, E0, A4, C6, BC, 07, 44, 87, 61, E5, 76, 72, A9, FA, 1E, A7, 8B, AB, 35, A5, 78, C7, A6, 10, 74, 4C, DC, C1, 1F, D1, 43, 4F, 7F, AD, 7D, 1E, 93, 29, 82, 8A, CE, 81, D2, CC, 1B, 09, 68, A4, 16, 63, F3, 0A, 05, 65, 66, 55, 3A, F1, 2B, 68...
 

Packer / compiler:
PECompact v2

Code size:
1.4 MB (1,518,080 bytes)

Service
Display name:
Java Updater

Service name:
Bios

Description:
Prefetches JRE files for faster startup of Java applets and applications

Type:
Win32OwnProcess


Scan svchost.exe - Powered by Reason Core Security