» svchost.exe
Overview
Analysis
File Details
Behaviors (1)

svchost.exe

Select'Assistance Pro

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Sidebar(x34) Build18’.

File name:

svchost.exe

Publisher:

Microsoft® Windows® Operating System (signed by Select'Assistance Pro)

Product:

Microsoft® Windows® Operating System

Description:

svchost.exe

Version:

6.2.9200.16420

MD5:

2fad448ab685ca2fbde172cce8d5162e

SHA-1:

f781e40d56b743a09addc6235f358df94364c1d0

SHA-256:

720e5cce19e52830adc42f793b33b829edd3fdab6060bebb3302bc314584feba

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 3:17:15 AM UTC (today)

File size:

306.2 KB (313,528 bytes)

Product version:

6.2.9200.16420

Trademarks:

Microsoft Fonction Basic

Original file name:

f.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\programme files(x34)build18\svchost.exe

Digital Signature

Signed by:

Select'Assistance Pro

Authority:

DigiCert Inc

Valid from:

4/3/2014 1:00:00 AM

Valid to:

4/7/2017 1:00:00 PM

Subject:

CN=Select'Assistance Pro, O=Select'Assistance Pro, L=Strasbourg, C=FR

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

06CE209477F1AC19A2049BDC5846A831

File PE Metadata

Compilation timestamp:

4/8/2014 11:06:37 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:hlBwBm+2I0ehvzlCt/ow7bjJFpGu1sxg7q:hlKBF0WvRuZ75FQksxg7q

Entry address:

0x47BAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E1, 24, D4, 6D, 35, 68, 97, 35, 84, E1, 7D, 9B, 0A, F1, 2A, 7E, 9E, 4C, 82, 9F, 4D, 01, E2, CF, F6, 51, C9, 05, AE, 90, AB, F7, E7, 88, B5, 03, D6, E4, 5B, 6F, 3E, 01, 6E, 86, 9E, AA... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

279 KB (285,696 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Sidebar(x34) Build18

Command:

C:\users\{user}\appdata\roaming\programme files(x34)build18\svchost.exe

Scan svchost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.