svchost.exe

Ammyy Admin

Ammyy

The application svchost.exe by Ammyy has been detected as adware by 25 anti-malware scanners. It runs as a Windows service named “Ammyy Admin” in its own process (not shared with other services). Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Ammyy LLC  (signed by Ammyy)

Product:
Ammyy Admin

Version:
3.2

MD5:
3cf537f0598ec4add06e27bfa8799793

SHA-1:
af4953fc4c69e5e9aecb5ca3345a4da51f25f881

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
4/19/2024 3:32:15 PM UTC

Scan engine                Detection                                 Engine version
Lavasoft Ad-Aware          Trojan.Generic.11035611                   858
AhnLab V3 Security         Unwanted/Win32.RemoteAdmin                14.05.03
AVG                        RemoteAdmin                               2015.0.3486
Baidu Antivirus            Hacktool.Win32.RemoteAdmin                4.0.3.14929
Bitdefender                Trojan.Generic.11035611                   1.0.20.1360
Dr.Web                     Program.RemoteAdmin.701                   9.0.1.0123
Emsisoft Anti-Malware      Trojan.Generic.11035611                   8.14.09.29.05
ESET NOD32                 Win32/RemoteAdmin.Ammyy (variant)         8.9752
Fortinet FortiGate         Riskware/Ammyy                            9/29/2014
F-Secure                   Trojan.Generic.11035611                   11.2014-29-09_2
G Data                     Trojan.Generic.11035611                   14.9.24
IKARUS anti.virus          Trojan.SuspectCRC                         t3scan.1.6.1.0
K7 AntiVirus               Trojan                                    13.177.12041
Kaspersky                  not-a-virus:RemoteAdmin.Win32.Ammyy       14.0.0.3924
McAfee                     Artemis!0ECDB503FCA9                      5600.6992
MicroWorld eScan           Trojan.Generic.11035611                   15.0.0.816
NANO AntiVirus             Riskware.Win32.RemoteAdmin.cvflri         0.28.0.59608
nProtect                   Trojan.Generic.11035611                   14.05.12.01
Panda Antivirus            Trj/CI.A                                  14.09.29.05
Qihoo 360 Security         Win32/Virus.RemoteAdmin.f90               1.0.0.1015
Reason Heuristics          PUP.Service.Ammyy.H                       14.9.30.13
Rising Antivirus           PE:Malware.Ammyy!6.1139                   23.00.65.14501
Sophos                     Generic PUA EK                            4.98
Trend Micro House Call     TROJ_GEN.R0C1H07BC14                      7.2.272
VIPRE Antivirus            Remote-Access.Win32.Ammyy                 29128

File size:
738.3 KB (755,992 bytes)

Product version:
3.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\system\svchost.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/12/2012 3:30:00 AM

Valid to:
12/13/2013 3:29:59 AM

Subject:
CN=Ammyy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ammyy, L=Moscow, S=Russian Federation, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
18CA484C639D98F0F877B32777CF778D

File PE Metadata
Compilation timestamp:
10/28/2013 11:48:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:lzJUxbtiiTHRJuEkQO7EwC2ZwFRtAdRXRryd+sq1zSgM:l9oNTHRz/O7rT6FRteRXR2IsqBM

Entry address:
0x7945E

Entry point:
55, 8B, EC, 6A, FF, 68, F0, 46, 48, 00, 68, 00, 96, 47, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 9C, 03, 48, 00, 59, 83, 0D, C8, FC, 4A, 00, FF, 83, 0D, CC, FC, 4A, 00, FF, FF, 15, A0, 03, 48, 00, 8B, 0D, B0, FC, 4A, 00, 89, 08, FF, 15, A4, 03, 48, 00, 8B, 0D, AC, FC, 4A, 00, 89, 08, A1, A8, 03, 48, 00, 8B, 00, A3, C4, FC, 4A, 00, E8, 30, 52, FB, FF, 39, 1D, E0, 85, 4A, 00, 75, 0C, 68, 2A, 96, 47, 00, FF, 15, 10, 05...

Entropy:
6.5914

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
508 KB (520,192 bytes)

Service
Display name:
Ammyy Admin

Service name:
AmmyyAdmin

Type:
Win32OwnProcess
