» svchost_int.exe
Overview
Analysis
File Details
Downloads (4)

svchost_int.exe

G Data FakeAVCleaner

G DATA Software AG

This is a setup program which is used to install the application. The file has been seen being downloaded from public.gdatasoftware.com and multiple other hosts.

File name:

svchost_int.exe

Publisher:

G DATA Software AG (signed and verified)

Product:

G Data FakeAVCleaner

Version:

1.0.0.1

MD5:

2db5d42c3f9a678481aa81f96b70995a

SHA-1:

769d103b5304e2ffea90f2ffc24c68cc48a5da78

SHA-256:

6dbff6dab0a07392798d3b4d0c707af7249e1a069dfe9977279a2359b3c70e14

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 7:12:39 PM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/Zbot.PM.gen

v6.4.7.1.166

File size:

92 KB (94,200 bytes)

Product version:

1.0.0.1

Original file name:

FakeAVCleaner.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\users\{user}\downloads\svchost_int.exe

Digital Signature

Signed by:

G DATA Software AG

Authority:

GlobalSign nv-sa

Valid from:

10/21/2010 2:28:00 PM

Valid to:

10/21/2013 2:27:55 PM

Subject:

E=sign@gdata.de, CN=G DATA Software AG, O=G DATA Software AG, L=Bochum, S=Nordrhein-Westfalen, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012BCEF5C311

File PE Metadata

Compilation timestamp:

4/7/2011 9:58:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:qVZYhg0ODqJDRxhx53iqr/Azb7HPLkAGeIJjTKJkhwU:NfOWDrzrInkAGeIJqkhV

Entry address:

0x1CC8

Entry point:

E8, E2, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CE, 40, 00, 89, 0D, D4, CE, 40, 00, 89, 15, D0, CE, 40, 00, 89, 1D, CC, CE, 40, 00, 89, 35, C8, CE, 40, 00, 89, 3D, C4, CE, 40, 00, 66, 8C, 15, F0, CE, 40, 00, 66, 8C, 0D, E4, CE, 40, 00, 66, 8C, 1D, C0, CE, 40, 00, 66, 8C, 05, BC, CE, 40, 00, 66, 8C, 25, B8, CE, 40, 00, 66, 8C, 2D, B4, CE, 40, 00, 9C, 8F, 05, E8, CE, 40, 00, 8B, 45, 00, A3, DC, CE, 40, 00, 8B, 45, 04, A3, E0, CE, 40, 00, 8D, 45, 08, A3, EC, CE, 40... 
[+]

Code size:

30.5 KB (31,232 bytes)

The file svchost_int.exe has been seen being distributed by the following 4 URLs.

https://public.gdatasoftware.com/Products/.../svchost.exe

https://public.gdatasoftware.com/Products/.../svchost_int.exe

http://www.gdata.tw/.../svchost.exe

https://www.gdata-software.com/fileadmin/dam_files/mediasync/.../svchost_int.exe

Scan svchost_int.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.