svchost.exe

The executable svchost.exe has been detected as malware by 25 anti-virus scanners. It is a setup program used to install the application, and it is a malicious Bitcoin miner. Bitcoin-mining malware forces computers to generate Bitcoins for the cybercriminals' use and consumes computing power. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from m.9846f2d7e24272f38e6f66bf0ff8d7cf.com and multiple other hosts.
MD5:
37e2490d6c9391fe81043eeb7cfa637a

SHA-1:
6cdbd359838b7213f2958717b914b1ac4157408c

SHA-256:
18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178

Scanner detections:
25 / 68

Status:
Malware

Explanation:
The program mines for Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
11/15/2024 7:26:52 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12018459 | 814
Agnitum Outpost | Trojan.CoinMiner | 7.1.1
AhnLab V3 Security | Trojan/Win64.BitCoinMiner | 2014.11.13
avast! | Win64:Rootkit-gen [Rtk] | 2014.9-141112
AVG | Skodna.BitCoinMiner | 2015.0.3292
Baidu Antivirus | Trojan.Win64.CoinMiner | 4.0.3.141112
Bitdefender | Trojan.Generic.12018459 | 1.0.20.1580
Bkav FE | HW64.packed | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 20065
Dr.Web | hacktool program Tool.BtcMine.476 | 9.0.1.05190
Emsisoft Anti-Malware | Application.BitCoinminer.GH | 11.5.0.6191
ESET NOD32 | Win64/CoinMiner.J trojan | 6.3.12010.0
F-Secure | Trojan.GenericKD.3325592 | 5.15.96
G Data | Trojan.Generic.12018459 | 14.11.24
IKARUS anti.virus | Trojan.Win64.CoinMiner | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.13993
Kaspersky | Trojan.Win64.BitMin | 15.0.2.529
McAfee | Artemis!37E2490D6C93 | 5600.6948
Microsoft Security Essentials | Trojan:Win64/SvcMiner.A | 1.227.2710.0
MicroWorld eScan | Trojan.Generic.12018459 | 15.0.0.948
Norman | Application.BitCoinminer.GH | 28.05.2016 13:03:37
nProtect | Trojan.Generic.12018459 | 14.11.12.01
Sophos | Mal/Miner-C | 4.98
Trend Micro House Call | TROJ_GEN.R047H05K114 | 7.2.316
VIPRE Antivirus | Trojan.Win32.Generic | 34732

File size:
1.5 MB (1,605,120 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\temp\svchost.exe

File PE Metadata
Compilation timestamp:
10/14/2014 10:13:04 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:BHA4Egl3XxnHjkn7ASzCxvB0lpVNulA8QNUG72mesjWuvTrE7xosTkEozWO2bWn:UW3XxHjiHrDulA8VG7v2SrE9b7wW3q

Entry address:
0x35FDE1

Entry point:
E9, 38, 1E, 05, 00, FE, C0, F9, F5, 66, 81, FA, 69, 0B, F9, 3A, 07, 66, B8, 5A, CF, 48, 8D, 82, 72, A3, BB, DB, 48, 0F, B6, C3, F6, D4, 48, 8D, 7F, 01, C6, C4, 29, 66, 0F, C8, 88, EC, 58, E9, 7A, 91, 05, 00, 27, B7, FF, 0A, 5B, 43, FB, B3, BF, BE, D2, AE, 9B, CE, 67, 14, 1B, A9, DC, 67, 55, E5, A2, B8, 34, 41, E5, 7B, 6F, 04, 81, 1B, 1D, 5B, E2, E7, AA, 24, 1D, 5C, F0, 7A, 01, 9E, 75, F0, AE, 41, 50, E1, 5B, 51, F9, 5A, 02, 2E, C6, 55, 52, 6E, 72, 01, E1, B5, 4F, 1D, 09, 22, A8, FF, FF, FF, FF, F7, 1D, 2C...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
681 KB (697,344 bytes)

The file svchost.exe has been seen being distributed by the following 5 URLs.

Remove svchost.exe - Powered by Reason Core Security