home

svchost..exe

WindowsFormsApplication5

The executable svchost..exe, “Host Process for Windows Services” has been detected as malware by 5 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match)

Product:
WindowsFormsApplication5

Description:
Host Process for Windows Services

Version:
1.0.0.0

MD5:
29a1dcaf75f37ef080a658be96e0470e

SHA-1:
035d4c204b04f9529cf6a528780ca7f390fa33a5

SHA-256:
53bc3b673e31799b549295f2fb54d6ad0d9eb19eb9daa1172aeb6d91c28dae83

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/1/2025 8:16:21 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Trojan.Agent-1344665
0.98/23207

ESET NOD32
MSIL/Agent.AY worm
6.3.12010.0

F-Prot
W32/MSIL_Agent.K.gen
4.6.5.141

F-Secure
Trojan.MSIL.Agent.BJN
5.16.24

Kaspersky
Worm.MSIL.Agent
15.0.2.529

File size:
719.2 KB (736,445 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2011

Original file name:
WindowsFormsApplication5.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost..exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x5E1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.2395

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)

User Start Menu Item
Name:
svchost..exe


Remove svchost..exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.