svchost.exe

Generic Host Process for Win32 Services

Microsoft Corporation

The executable svchost.exe, “Generic Host Process for Win32 Services”, has been detected as malware by 31 anti-virus scanners. It runs as a separate Windows service named “Power Manager”, within the context of its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Generic Host Process for Win32 Services

Version:
5.1.0.0

MD5:
71e1837f14cff68c7dac46418e160201

SHA-1:
e341d1c74321f01d9a367d285ab69fefdf88335e

Scanner detections:
31 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 9:59:04 AM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/Hidrag | 2011.05.29
Avira AntiVirus | W32/Jeefo.A | 7.11.8.161
avast! | Win32:Hidrag | 2014.9-140725
AVG | Win32/Hidrag.A | 2015.0.3403
Bitdefender | Win32.Jeefo.B | 1.0.20.1030
Clam AntiVirus | W32.Jeefo-3 | 0.98/18011
Comodo Security | Win32.Jeefo.A | 8871
Dr.Web | Win32.HLLP.Jeefo.36352 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Jeefo | 11.5.0.6191
ESET NOD32 | Win32/Jeefo.A virus | 8.0.319.0
Fortinet FortiGate | W32/Jeefo.A | 7/25/2014
F-Prot | W32/Jeefo.A | 4.6.5.141
F-Secure | Win32.Jeefo.B | 5.15.96
G Data | Win32.Jeefo | 14.7.22
IKARUS anti.virus | Virus.Win32.Hidrag | t3scan.1.1.104.0
K7 AntiVirus | Virus | 13.104.4734
Kaspersky | Virus.Win32.Hidrag | 15.0.0.562
McAfee | W32/Jeefo | 5600.7059
Microsoft Security Essentials | Virus:Win32/Jeefo.I | 1.163.1557.0
Norman | Win32.Jeefo.B | 19.05.2016 05:17:13
nProtect | Win32.Jeefo.B | 11.05.28.01
Panda Antivirus | W32/Jeefo.A.drp | 14.07.25.08
Quick Heal | W32.Jeefo.A | 7.14.11.00
Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.25.8
Rising Antivirus | Dropper.Win32.Undef.ccq | 23.00.65.14723
Sophos | W32/Jeefo-A | 4.65
Trend Micro House Call | TROJ_FLOOD.AF | 7.2.206
Trend Micro | TROJ_FLOOD.AF | 10.465.25
Vba32 AntiVirus | Win32.HLLP.Jeefo | 3.12.16.0
VIPRE Antivirus | Jeefo | 9417
ViRobot | Win32.Hidrag | 2011.5.28.4484

File size:
35.5 KB (36,352 bytes)

Product version:
5.1.0.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
svchost.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\svchost.exe

File PE Metadata
Compilation timestamp:
8/24/2001 7:30:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.55

CTPH (ssdeep):
768:tkWumaoDu3hAyN95/KTSZsOTb/Kc6H0anc6HEvT66vlm3GWBk5hr2C56r:amaoDu3BN95/g4byc6H5c6HcT66vlm3j

Entry address:
0x11F0

Entry point:
55, 89, E5, 83, EC, 08, 83, C4, F4, 6A, 02, A1, C8, B2, 40, 00, FF, D0, E8, 79, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 49, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0F, 21, 77, 6A, 73, 76, 74, 2F, 21, 43, 70, 73, 6F, 21, 6A, 6F, 21, 62, 21, 75, 73, 70, 71, 6A, 64, 62, 6D, 21, 74, 78, 62, 6E, 71, 2F, 00, 5C, 00, 20, 00, 22, 00, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39, D0, 73, 08, 00, 04, 08, 40, 39, D0, 72, F8, C9, C3, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39...
 

Entropy:
5.9777

Packer / compiler:
Video-Lan-Client

Code size:
32.5 KB (33,280 bytes)

Service
Display name:
Power Manager

Service name:
PowerManager

Description:
Manages the power save features of the computer.

Type:
Win32OwnProcess

