svchost.exe

Microsoft.net

The executable svchost.exe has been detected as malware by 27 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal your sensitive information. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Microsoft.net

Product:
Microsoft.net

Version:
5.0.0.0

MD5:
d50599583527df8443fc9776c6ae08af

SHA-1:
a633ea13bd02a5ff7f03422019d563cf3ad1a4f4

SHA-256:
8469160321f013b2cbd2ca216289070a4aaefccd83637a243fdd2c62241b4408

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/26/2024 9:52:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.2 | 800 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Generic | 2014.11.22 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.188.16 |
| avast! | MSIL:KillAV-B [Trj] | 2014.9-141126 |
| AVG | Dropper.Generic8 | 2015.0.3278 |
| Bitdefender | Gen:Heur.MSIL.Krypt.2 | 1.0.20.1650 |
| Clam AntiVirus | WIN.Trojan.Agent-320776 | 0.98/21511 |
| Dr.Web | BackDoor.Bladabindi.25 | 9.0.1.0330 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt | 8.14.11.26.01 |
| ESET NOD32 | MSIL/Spy.Agent.QN (variant) | 8.10760 |
| Fortinet FortiGate | MSIL/Agent.NRZX!tr | 11/26/2014 |
| F-Secure | Gen:Heur.MSIL.Krypt.2 | 11.2014-26-11_4 |
| G Data | Gen:Heur.MSIL.Krypt | 14.11.24 |
| IKARUS anti.virus | Worm.Win32.Msil | t3scan.1.8.3.0 |
| K7 AntiVirus | Backdoor | 13.185.14098 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2887 |
| Malwarebytes | Trojan.MSIL | v2014.11.26.01 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AT | 1.11202 |
| MicroWorld eScan | Gen:Heur.MSIL.Krypt.2 | 15.0.0.990 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dbipcq | 0.28.6.63474 |
| Norman | Kryptik.STUB | 11.20141126 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Sophos | Mal/MSIL-BZ | 4.98 |
| Vba32 AntiVirus | TScope.Trojan.MSIL | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34992 |
| Zillya! Antivirus | Trojan.Agent.Win32.356360 | 2.0.0.1989 |

File size:
170.1 KB (174,224 bytes)

Product version:
5.0.0.0

Copyright:
Copyright © Microsoft 2013

Trademarks:
Microsoft.net

Original file name:
Stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\svchost.exe

File PE Metadata
Compilation timestamp:
3/28/2013 1:46:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:LA1wctAHKZRX9k8KvdoItwUeQzpnGlRuu4KXIzPCyZXK0lNOzzzzzYZt1xrWt8:M1ltAHKZRX9YmuVeopnGh4zRZ/FZR88

Entry address:
0x2B842

Entry point:
FF, 25, 50, B8, 42, 00, 00, 00, 00, 00, 00, 00, 00, 00, 24, B8, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
166.5 KB (170,496 bytes)
