svchost.exe

Chrome

The executable svchost.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘00cf18fe86f43f78331448bbc649620c’. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from www.exeupp.com.
Product:
Chrome

Version:
1.0.0.0

MD5:
a6e3134e24cce171fff2f8df47a75580

SHA-1:
2a4d2ce86f8e321da418adf22bb40eb957fac776

SHA-256:
9f480380008d12cea0d264b7e76072227d8c69dfc2692e173b84e3e29b025643

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 8:33:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Trojan.Rootkit (H)

Engine version:
16.5.30.14

File size:
178.5 KB (182,784 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Chrome.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\svchost.exe

File PE Metadata
Compilation timestamp:
10/4/2015 3:36:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:4jct0wqAlO6PJmtCkMSaSJ2QimcuEM/IH9ze5oYoRHxvG787dWSQ3WoKnvlpGoOF:3t0wqAvHdBShimcuEM/IH9ze5oYoRHxc

Entry address:
0x2DE2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.0867

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
176 KB (180,224 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
00cf18fe86f43f78331448bbc649620c

Command:
"C:\users\{user}\appdata\local\temp\svchost.exe"..

The file svchost.exe has been seen being distributed by the following URL.

Remove svchost.exe - Powered by Reason Core Security