d64bf2b6b86f3c9faef29dbc5f7c7200.pe

Generic Host Process for Win32 Services

Although the file's version-information properties claim it was developed by 'Microsoft Corporation', it was not; the metadata was chosen to make it look like a legitimate Microsoft system file. The file d64bf2b6b86f3c9faef29dbc5f7c7200.pe, described as “Generic Host Process for Win32 Services”, has been detected as malware by 40 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Generic Host Process for Win32 Services

Version:
5.1.2600.0

MD5:
d64bf2b6b86f3c9faef29dbc5f7c7200

SHA-1:
908a0adbf23fe6ad9b09ea021a3110594aaef591

SHA-256:
6e89cb6c132bfc04c8591dc7f5d28830ec93b6a84d27882b0162851cf2c56d0f

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/24/2024 8:50:55 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Heur.ES3bXyk@JYfi
658

Agnitum Outpost
Backdoor.Udr
7.1.1

AhnLab V3 Security
Trojan/Win32.Udr
2015.04.09

Avira AntiVirus
BDS/Udr.A
3.6.1.96

avast!
Win32:Trojan-gen
2014.9-150418

AVG
BackDoor.Generic7
2016.0.3136

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.15418

Bitdefender
Gen:Trojan.Heur.ES3bXyk@JYfi
1.0.20.540

Bkav FE
W32.GenericYafrB.Trojan
1.3.0.6379

Clam AntiVirus
Trojan.Udr
0.98/21511

Comodo Security
Backdoor.Win32.Agent.~APN
21697

Dr.Web
BackDoor.Udr.1
9.0.1.0108

Emsisoft Anti-Malware
Gen:Trojan.Heur.ES3bXyk@JYfi
8.15.04.18.08

ESET NOD32
Win32/Agent.UDR
9.11445

Fortinet FortiGate
Riskware/Generic.AC.1329
4/18/2015

F-Prot
W32/BackdoorX.GMX
v6.4.7.1.166

F-Secure
Backdoor:W32/Udr.gen!A
11.2015-18-04_7

G Data
Gen:Trojan.Heur.ES3bXyk@JYfi
15.4.25

IKARUS anti.virus
Backdoor.Win32.Udr
t3scan.1.8.9.0

K7 AntiVirus
Riskware
13.202.15530

Kaspersky
Backdoor.Win32.Udr
14.0.0.2173

Malwarebytes
Trojan.Dropper
v2015.04.18.08

McAfee
Suspect-BN!D64BF2B6B86F
5600.6792

Microsoft Security Essentials
Backdoor:Win32/Small
1.1.11502.0

MicroWorld eScan
Gen:Trojan.Heur.ES3bXyk@JYfi
16.0.0.324

NANO AntiVirus
Trojan.Win32.Udr.csnpza
0.30.10.952

Norman
Udr.A
11.20150418

Panda Antivirus
Dialer.CKP
15.04.18.08

Qihoo 360 Security
Win32/Backdoor.ba3
1.0.0.1015

Quick Heal
Backdoor.Small.MUE.A11
4.15.14.00

Rising Antivirus
PE:Backdoor.Win32.Udr!1173780587
23.00.65.15416

Sophos
Mal/Bckdr-G
4.98

SUPERAntiSpyware
Trojan.Gen-AgentUDR
9928

Total Defense
Win32/BackMan.A
37.0.11539

Trend Micro House Call
BKDR_NEWHEUR.IZ
7.2.108

Trend Micro
BKDR_NEWHEUR.IZ
10.465.18

Vba32 AntiVirus
OScope.Backdoor.Udr
3.12.26.3

VIPRE Antivirus
Backdoor.Win32.Udr
39184

ViRobot
Backdoor.Win32.Udr.692018[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Udr.Win32.1
2.0.0.2132

File size:
486.2 KB (497,866 bytes)

Product version:
5.1.2600.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
svchost.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\d64bf2b6b86f3c9faef29dbc5f7c7200.pe

File PE Metadata
Compilation timestamp:
12/14/2003 7:57:12 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
6144:MRAhhJxX7bNIAROzTua3Wx3uYxDAg7teJoyHPVZNPYTCOw6UpFi0cC6BOOwV3nPF:UsAAPaieoAi0oyHNEpw62ikjOuUn6qVS

Entry address:
0x32001

Entry point:
60, E8, 72, 05, 00, 00, EB, 33, 87, DB, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, 03, 00, 00, 00, 40, 00, 00, E0, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 03, 00, BB, 3C, 39, 44, 00, 03, DD, 2B, 9D, 60, 39, 44, 00, 83, BD, 98, 47, 44, 00, 00, 89, 9D, 98, 47, 44, 00, 0F, 85, 81, 04, 00, 00, 8D, 85, A0, 47, 44, 00, 50, FF, 95, AC, 48, 44, 00, 89, 85, 9C, 47, 44, 00, 8B, F8, 8D, 9D, AD, 47, 44, 00, 53, 50, FF, 95, A8, 48, 44, 00, 89, 85...

Entropy:
7.9860

Packer / compiler:
ASPack v2.1

Code size:
63 KB (64,512 bytes)

Remove d64bf2b6b86f3c9faef29dbc5f7c7200.pe - Powered by Reason Core Security