ServiceHostApp.exe

Service Host App

Win Services

The application ServiceHostApp.exe by Win Services has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Pokki Start Menu by SweetLabs, Inc. and Edgeworld by SweetLabs, Inc.. While running, it connects to the Internet address cache.google.com on port 443.
Publisher:
Pokki  (signed by Win Services)

Product:
Service Host App

Version:
0.269.7.800

MD5:
30d668a171ea29a98f2c6d0270c75d51

SHA-1:
4bca84439b64a052da6aee66720b539a576edd84

SHA-256:
cc6bb8258d288097210f536e8f5e03487549406fdca971b4d1f970741ee3cc37

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 7:55:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SweetLabs.Updater (L)
16.10.7.1

File size:
7.5 MB (7,875,640 bytes)

Product version:
0.269.7.800

Copyright:
Copyright (C) 2010-2014 - SweetLabs, Inc

Original file name:
ServiceHostApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\sweetlabs app platform\engine\servicehostapp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/19/2015 7:00:00 PM

Valid to:
10/19/2018 6:59:59 PM

Subject:
CN=Win Services, O=Win Services, STREET="510 Market St #301", L=San Diego, S=California, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00882FAAFF80E36523D43662130839898B

File PE Metadata
Compilation timestamp:
10/30/2015 11:23:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:fy7D0LZAZjp52BsJshZ1ANrzZfgETdOtNknx:40LIpVJshZ1SCNknx

Entry address:
0x491856

Entry point:
E8, AB, 99, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, BC, 8C, A4, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, E0, 16, A4, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 0D, 9A, 01, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 74, D9, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 
[+]

Entropy:
6.6905

Code size:
5.2 MB (5,452,288 bytes)

The file ServiceHostApp.exe has been discovered within the following programs.

Amazon  by SweetLabs, Inc.
Amazon is an app for the Pokki desktop platform. The app itself runs as an embedded HTML5 program within the Pokki software outside of the web browser.
www.pokki.com/app/amazon
35% remove it
Edgeworld  by SweetLabs, Inc.
Edgeworld is an app for the Pokki desktop platform. The app itself runs as an embedded HTML5 program within the Pokki software outside of the web browser.
www.pokki.com
38% remove it
Pokki Start Menu  by SweetLabs, Inc.
Publisher's description - “Find and open your programs, files, control panel, and power options with one click of the Pokki start button. Search and access your apps, files, control panel, and power options with Pokki’s Windows 8 Start Menu.”
www.pokki.com/windows-8-start-menu
48% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP SSL):
Connects to any-in-2678.1e100.net  (216.239.38.120:443)

TCP (HTTP SSL):
Connects to TIG-Net17-84.trueintergateway.com  (27.123.17.84:443)

TCP (HTTP SSL):
Connects to TIG-Net17-20.trueintergateway.com  (27.123.17.20:443)

TCP (HTTP SSL):
Connects to TIG-Net17-106.trueintergateway.com  (27.123.17.106:443)

TCP (HTTP SSL):
Connects to 186-228-156-56.ded.intelignet.com.br  (186.228.156.56:443)

TCP (HTTP):
Connects to server-54-230-0-21.lhr5.r.cloudfront.net  (54.230.0.21:80)

TCP (HTTP):
Connects to instagram-p3-shv-01-cai1.fbcdn.net  (31.13.88.50:80)

TCP (HTTP SSL):
Connects to cache.google.com  (193.189.184.227:443)

TCP (HTTP SSL):
Connects to 186-228-156-58.ded.intelignet.com.br  (186.228.156.58:443)

TCP (HTTP SSL):
Connects to 186-228-156-53.ded.intelignet.com.br  (186.228.156.53:443)

TCP (HTTP SSL):
Connects to fm-dyn-111-95-240-120.fast.net.id  (111.95.240.120:443)

TCP (HTTP SSL):
Connects to fm-dyn-111-95-240-118.fast.net.id  (111.95.240.118:443)

TCP (HTTP SSL):
Connects to fm-dyn-111-95-240-117.fast.net.id  (111.95.240.117:443)

TCP (HTTP):
Connects to a23-32-205-200.deploy.static.akamaitechnologies.com  (23.32.205.200:80)

TCP (HTTP SSL):
Connects to 41.254.37.49.static.ltt.ly  (41.254.37.49:443)

TCP (HTTP SSL):
Connects to 22.13.119.185-rev.hti.pl  (185.119.13.22:443)

TCP (HTTP SSL):
Connects to 110-200-79-69-static.flowja.com  (69.79.200.110:443)

TCP (HTTP SSL):
Connects to TIG-Net17-110.trueintergateway.com  (27.123.17.110:443)

TCP (HTTP SSL):
Connects to public102553.xdsl.centertel.pl  (46.134.208.153:443)

Remove ServiceHostApp.exe - Powered by Reason Core Security