svchost.exe

nslookup

Jiajie Yin

While the file properties state that the file is developed by 'Microsoft Corporation', this is not the case; it is designed merely to look like a legitimate Microsoft system file. The application svchost.exe by Jiajie Yin has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Microsoft Corporation (signed by Jiajie Yin)

Product:
Microsoft® Windows® Operating System

Description:
nslookup

Version:
6.2.9200.16384 (win8_rtm.120725-1247)

MD5:
7d03fb594a240057de93c930c8dc2909

SHA-1:
c391c31d192440c86efb34e51376de13c03587c3

SHA-256:
0334ce9fee7a6bfebd51a3cd05e6f385fe16d115abe4291c6c968f13be975bcb

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 12:12:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.JiajieYin (M)

Engine version:
16.2.1.9

File size:
339.6 KB (347,760 bytes)

Product version:
6.2.9200.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
nslookup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\win\svchost.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
5/14/2014 12:46:39 PM

Valid to:
5/15/2015 12:46:39 PM

Subject:
CN=Jiajie Yin, E=cpa.baidu@gmail.com, L=桂林市, S=广西壮族自治区, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3F13D1662B5F2172EF525E77D131CC4E

File PE Metadata
Compilation timestamp:
7/20/2014 4:53:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:NW1WjXYNUvXGEyr5shFMRylLg4oXQUNE5p+5bwN3aXr/yVWpcMv:NW12NfGPrqB/Ut8N3uTKg

Entry address:
0x2A773

Entry point:
E8, 94, B3, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, E0, E5, 44, 00, E8, EF, 79, 00, 00, 8B, 4D, 08, 33, FF, 3B, CF, 76, 2E, 6A, E0, 58, 33, D2, F7, F1, 3B, 45, 0C, 1B, C0, 40, 75, 1F, E8, 85, 4B, 00, 00, C7, 00, 0C, 00, 00, 00, 57, 57, 57, 57, 57, E8, 59, ED, FF, FF, 83, C4, 14, 33, C0, E9, D5, 00, 00, 00, 0F, AF, 4D, 0C, 8B, F1, 89, 75, 08, 3B, F7, 75, 03, 33, F6, 46, 33, DB, 89, 5D, E4, 83, FE, E0, 77, 69, 83, 3D, FC, 25, 45, 00, 03, 75, 4B, 83, C6, 0F, 83, E6, F0, 89, 75, 0C, 8B, 45, 08, 3B, 05, EC, 25...

Code size:
268 KB (274,432 bytes)

Remove svchost.exe - Powered by Reason Core Security