svchost.exe

Copyright © Windows 2014

Windows

The executable svchost.exe has been detected as malware by 5 anti-virus scanners. It is set to start automatically at user logon through the current-user Run registry key, under the display name ‘Windows’. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Windows

Product:
Copyright © Windows 2014

Description:
Windows

Version:
5.6.7.8

MD5:
86d5892a6127003759e68091d7b79a22

SHA-1:
e9a4d4a00994a1db31479be599cf5cfdefad0437

SHA-256:
e60867ef1d3bda0409968d2331c8dd6acd00f4191fe45b41dd9b33dadeb69604

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/25/2024 9:00:57 PM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.144.234

avast!
Win32:Malware-gen
2014.9-140423

Baidu Antivirus
Trojan.MSIL.Injector
4.0.3.14423

ESET NOD32
MSIL/Injector.CVS (variant)
8.9711

Qihoo 360 Security
Malware.QVM03.Gen
1.0.0.1015

File size:
277.5 KB (284,160 bytes)

Product version:
5.6.7.8

Copyright:
Copyright © Windows 2014

Trademarks:
Copyright ©

Original file name:
system.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\installdir\svchost.exe

File PE Metadata
Compilation timestamp:
4/11/2014 8:38:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:n9EEgnel1+S7ArBdvpNrKPA6Bl5NV3+OKMj/Y/83LkfbzDWVX2CaehvSWcNITo2a:SNcAC/3+vPmLab3e62E28YTPM61Hq/

Entry address:
0x46A7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1882

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
275 KB (281,600 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows

Command:
C:\windows\installdir\svchost.exe

