svchost.exe

lolo

The executable svchost.exe has been detected as malware by 6 anti-virus scanners. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been observed being downloaded from 61055875-866111160821565096.preview.editmysite.com.
Product:
lolo

Version:
1.0.0.0

MD5:
20805009501e46376d98d6772a51d52e

SHA-1:
1827b3f4fd513b1569efaa472e51db5f23d1dc4b

SHA-256:
2140af60fbe3b0d4a2be19d14cf02e90cc8d04ce33aa484dc7023f2e960815a5

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 9:32:36 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.2.2 |
| avast! | MSIL:GenMalicious-ABY [Trj] | 150913-1 |
| Baidu Antivirus | Trojan.MSIL.EzirizNetReactor | 4.0.3.15928 |
| ESET NOD32 | MSIL/Packed.EzirizNetReactor.AA trojan | 7.0.302.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1356 |
| Rising Antivirus | PE:Malware.RDM.35!5.29[F1] | 23.00.65.15926 |

File size:
145 KB (148,480 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
lolo.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata
Compilation timestamp:
1/23/2015 5:00:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:x84Z4K6wnekVrWtQgTHvzn7A3XdbFK2cJvT3jE/nlo:VD64XCOgLjUdbFKtJPEN

Entry address:
0x2297E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9486

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
130.5 KB (133,632 bytes)

The file svchost.exe has been seen being distributed by the following URL.
