svchost.exe

Ammyy Admin

Ammyy Group

The application svchost.exe by Ammyy Group has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Ammyy Admin”. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
Ammyy Group  (signed and verified)

Product:
Ammyy Admin

Version:
2.12

MD5:
9f245c5e45d042fcd640629b0f7a9245

SHA-1:
0a146e52faf71ea1421a8b510041bc0f9a0068b1

SHA-256:
4622cb195b7bb7d25d5ae48a298990df2bfb2a4933b62250b8b9a512638206fa

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 12:58:35 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Ammyy (M)

Engine version:
16.8.6.9

File size:
643.7 KB (659,152 bytes)

Product version:
2.12

Copyright:
Copyright (C) 2010

Original file name:
AMMYY_Admin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\ammyy\svchost.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
6/5/2009 8:00:00 AM

Valid to:
6/6/2010 7:59:59 AM

Subject:
CN=Ammyy Group, O=Ammyy Group, STREET=Novocheremushkinskaya 53-4, L=Moscow, S=Moscow, PostalCode=117418, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0092EF3F37216C5B81115D14B285DCAD6B

File PE Metadata
Compilation timestamp:
5/16/2010 11:11:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zaA9OKLSwaIN5U8xvFoRQMEoO2rx8ikfRtjIe9rtv8zl6Yiego:pkK+waI8JRQMEJ2rufRtse9rtv8zlzic

Entry address:
0x6B698

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 49, 47, 00, 68, 36, B8, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 7C, 04, 47, 00, 59, 83, 0D, 30, 0E, 49, 00, FF, 83, 0D, 34, 0E, 49, 00, FF, FF, 15, 78, 04, 47, 00, 8B, 0D, 18, 0E, 49, 00, 89, 08, FF, 15, 74, 04, 47, 00, 8B, 0D, 14, 0E, 49, 00, 89, 08, A1, 70, 04, 47, 00, 8B, 00, A3, 2C, 0E, 49, 00, E8, A0, 58, FD, FF, 39, 1D, 70, 02, 49, 00, 75, 0C, 68, 60, B8, 46, 00, FF, 15, 6C, 04...

Entropy:
6.6843

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
444 KB (454,656 bytes)

Service
Display name:
Ammyy Admin

Service name:
AmmyyAdmin

Type:
Win32OwnProcess

