svchost.exe

The application svchost.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application built with a self-extracting archive installer; the file is not signed with an Authenticode signature from a trusted source. It is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals and consumes their computing power. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
MD5:
1d64a6189d773af9f2e9753051195dc3

SHA-1:
5150e5b05b82144cd73612d3888061b142b8a646

SHA-256:
ac23f53010a2a0e5f7950d877324f537a36a5c4af43a6d3c186b689ff9423e1a

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
4/27/2024 3:48:16 PM UTC

Scan engine             Detection                                           Engine version
Lavasoft Ad-Aware       Gen:Application.Heur2.CaW@baaaaaaab                 -40
Arcabit                 Application.Heur2.E73340                            1.0.0.795
avast!                  Win64:Malware-gen                                   2014.9-170316
Baidu Antivirus         Win32.Trojan.WisdomEyes.16070401.9500               4.0.3.17316
Bitdefender             Gen:Application.Heur2.CaW@baaaaaaab                 1.0.20.375
Clam AntiVirus          Win.Trojan.Inject-15717                             0.99.211
Dr.Web                  Program.BitCoinMiner.3                              9.0.1.075
Emsisoft Anti-Malware   Gen:Application.Heur2.CaW@baaaaaaab                 8.17.03.16.06
ESET NOD32              Win64/BitCoinMiner.U potentially unsafe (variant)   11.14883
Fortinet FortiGate      Adware/BitCoinMiner                                 3/16/2017
F-Secure                Gen:Application.Heur2.CaW@baaaaaaab                 11.2017-16-03_5
G Data                  Gen:Application.Heur2.CaW@baaaaaaab                 17.3.25
IKARUS anti.virus       Gen.Application.Heur2                               0.1.3.4
K7 AntiVirus            Unwanted-Program                                    13.2422317
Kaspersky               not-a-virus:RiskTool.Win64.BitCoinMiner             14.0.0.-1316
Malwarebytes            PUP.Optional.BitCoinMiner                           v2017.03.16.06
McAfee                  RDN/Generic PUP.x                                   5600.6094
MicroWorld eScan        Gen:Application.Heur2.CaW@baaaaaaab                 18.0.0.225
NANO AntiVirus          Riskware.Win64.BitCoinMiner.ejsygo                  1.0.70.15039
Qihoo 360 Security      QVM41.1.Malware.Gen                                 1.0.0.1120
Quick Heal              Risktool.Bitcoinminer                               3.17.14.00
Rising Antivirus        Malware.Undefined!8.C-gigiVI8UhvM (cloud)           23.00.65.17314
Trend Micro House Call  HKTL_COINMINE.GB                                    7.2.75
Trend Micro             HKTL_COINMINE.GB                                    10.465.16

File size:
1.3 MB (1,325,950 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\svchost.exe

File PE Metadata
Compilation timestamp:
12/1/2014 10:07:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1D5DB

Entry point:
E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 4E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Code size:
161.5 KB (165,376 bytes)

Remove svchost.exe - Powered by Reason Core Security