conhost.exe

Salung International Corporation

The executable conhost.exe has been detected as malware by 24 anti-virus scanners. It is installed as a Windows Task Scheduler task named Systemss, which is triggered each time a user logs on.
Publisher:
Salung International Corporation (signed and verified)

MD5:
53c8d6d69d0da083c01dfab6f8b0c2ef

SHA-1:
3a3ead7cf77a05beeb8063171e84fec67ad3e4bf

SHA-256:
c6c2670d2be279920197025824ad56673362838ff363c5c76ef257f8dd4d8d37

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/24/2024 7:31:58 PM UTC

Scan engine                    Detection                            Engine version
Lavasoft Ad-Aware              Trojan.Generic.17438051              86
AhnLab V3 Security             Malware/Win32.Generic.N2034461422    3.7.4.14
Avira AntiVirus                TR/Dropper.MSIL.rhmn                 8.3.3.4
Arcabit                        Trojan.Generic.D10A1563              1.0.0.741
AVG                            MSIL10                               2017.0.2564
Baidu Antivirus                Win32.Trojan.WisdomEyes.151026.9950  4.0.3.161110
Bitdefender                    Trojan.Generic.17438051              1.0.20.1575
Comodo Security                TrojWare.MSIL.Agent.GLE              25413
Dr.Web                         Trojan.DownLoader22.500              9.0.1.0315
Emsisoft Anti-Malware          Trojan.Generic.17438051              8.16.11.10.09
ESET NOD32                     MSIL/Agent.YW                        10.13778
Fortinet FortiGate             MSIL/Agent.YW!tr                     11/10/2016
F-Secure                       Trojan.Generic.17438051              11.2016-10-11_5
G Data                         Trojan.Generic.17438051              16.11.25
Kaspersky                      Trojan-Dropper.Win32.Dapato          14.0.0.-687
Malwarebytes                   Backdoor.Bot                         v2016.11.10.09
McAfee                         Trojan-FIGV!53C8D6D69D0D             5600.6220
Microsoft Security Essentials  Backdoor:Win32/Kirts.A               1.1.12902.0
MicroWorld eScan               Trojan.Generic.17438051              17.0.0.945
nProtect                       Trojan.Generic.17438051              16.07.08.01
Panda Antivirus                Trj/GdSda.A                          16.11.10.09
Sophos                         Mal/Generic-S                        4.98
Trend Micro                    TROJ_GEN.R011C0DG116                 10.465.10
VIPRE Antivirus                Trojan.Win32.Generic                 50724

File size:
577.5 KB (591,400 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\conhost.exe

Digital Signature
Authority:
Salung International Corporation

Valid from:
6/25/2016 11:45:36 AM

Valid to:
6/26/2026 11:45:36 AM

Subject:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Issuer:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Serial number:
00866E0A24F3686932

File PE Metadata
Compilation timestamp:
6/27/2016 6:02:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:7k3eS9BxuERJ5k8pprbX2/bIj2VmM3kcNy73RhkMubgW2i:Dg/ukJ5kIbXccjkmBRhNubt2i

Entry address:
0x7DB6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.6920

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
496 KB (507,904 bytes)

Scheduled Task
Task name:
Systemss

Path:
\Update\Systemss

Trigger:
Logon (Runs on logon)

Remove conhost.exe - Powered by Reason Core Security