svchost.exe

SELCUK GUNDOGDU

The executable svchost.exe has been detected as malware by 1 anti-virus scanner. It runs as a separate (within the context of its own process) windows Service named “svchost”. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
SELCUK GUNDOGDU  (signed and verified)

Version:
1.0.0.0

MD5:
7107538001e37faa106260eb86c11939

SHA-1:
4391ea7cbd535c5e1c782b6f6cdb1c12c634828f

SHA-256:
0bf4a87ea128f165ee54fff046aaeed505cce621d7d6e9afa074cb9809068421

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:38:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.1.20

File size:
15.7 KB (16,096 bytes)

Product version:
1.0.0.0

Original file name:
SV.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/13/2015 2:00:00 AM

Valid to:
3/13/2016 1:59:59 AM

Subject:
CN=SELCUK GUNDOGDU, O=SELCUK GUNDOGDU, STREET=Esentepe mah dergiler sok no 25 deal plaza, L=ISTANBUL, S=SISLI, PostalCode=34394, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C33187FE848A65E8484EA492CB2CBB18

File PE Metadata
Compilation timestamp:
3/19/2015 1:21:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:pjwVqH7lN1q2GENb1Qkya5H0h0VNpnYPL18c:9we7oS7kEUh0zpup

Entry address:
0x429E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess


Remove svchost.exe - Powered by Reason Core Security