» svchost..exe
Overview
Analysis
File Details
Behaviors (1)

svchost..exe

WindowsFormsApplication5

The executable svchost..exe, “Host Process for Windows Services” has been detected as malware by 35 anti-virus scanners.

File name:

svchost..exe

Publisher:

Microsoft* (Invalid match)

Product:

WindowsFormsApplication5

Description:

Host Process for Windows Services

Version:

1.0.0.0

MD5:

4b8e83a0ce362a84cf2e3d40a59149be

SHA-1:

e2c3b0dcd2186d2924958b80e627dfe79ce87a9d

SHA-256:

a5857348283363605bcf0416ab08db74c4ec278b3929951b2dc2b00efaa1c329

Scanner detections:

35 / 68

Status:

Malware

Analysis date:

5/4/2024 12:52:05 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Worm.Agent

7.1.1

AhnLab V3 Security

Win32/Agent.worm.102400.K

2013.11.09

Avira AntiVirus

TR/Spy.Gen8

7.11.112.66

avast!

Win32:Malware-gen

2014.9-170315

AVG

Worm/Generic2

2018.0.2438

Baidu Antivirus

Trojan.MSIL.Agent

4.0.3.17315

Bitdefender

Trojan.Generic.9025006

1.0.20.370

Clam AntiVirus

Win.Worm.Msil

0.98/18155

Comodo Security

Worm.MSIL.Agent.AY

17237

Dr.Web

Trojan.Siggen3.17171

9.0.1.074

Emsisoft Anti-Malware

Trojan.Generic.9025006

8.17.03.15.02

ESET NOD32

MSIL/Agent.AY

11.9024

Fortinet FortiGate

MSIL/Agent.QBS!tr

3/15/2017

F-Prot

W32/MSIL_Agent.K.gen

v6.4.7.1.166

F-Secure

Trojan.Generic.9025006

11.2017-15-03_4

G Data

Trojan.Generic.9025006

17.3.22

IKARUS anti.virus

Worm.Win32.Msil

t3scan.2.0.127

K7 AntiVirus

Riskware

13.173.10137

Kaspersky

Trojan.MSIL.Agent

14.0.0.-1313

Malwarebytes

Trojan.MSIL

v2017.03.15.02

McAfee

Generic Malware.og!ats

5600.6094

Microsoft Security Essentials

Worm:MSIL/Necast.F

1.163.1557.3

MicroWorld eScan

Trojan.Generic.9025006

18.0.0.222

Norman

Smallworm.EIRO

11.20170315

nProtect

Trojan/W32.Agent.1220608.CN

13.11.08.01

Panda Antivirus

Trj/Sinowal.WWG

17.03.15.02

Quick Heal

Worm.Necast.A3

3.17.12.00

Sophos

W32/Palevo-BZ

4.94

SUPERAntiSpyware

Worm.Necast

8534

Total Defense

Win32/Gampass.AD

37.0.10498

Trend Micro House Call

TROJ_SPNR.03JH11

7.2.74

Trend Micro

TROJ_SPNR.03JH11

10.465.15

Vba32 AntiVirus

Worm.MSIL.Agent

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

23174

ViRobot

Worm.Win32.Agent.843280

2011.4.7.4223

File size:

1.2 MB (1,220,608 bytes)

Product version:

1.0.0.0

Original file name:

WindowsFormsApplication5.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost..exe

File PE Metadata

Compilation timestamp:

5/5/2011 8:39:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x516E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.5894

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

12.5 KB (12,800 bytes)

User Start Menu Item

Name:

svchost..exe

Remove svchost..exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.