svchost.exe

Host Process for Windows Services

The executable svchost.exe, “Хост-процесс для служб Windows” (Russian for “Host Process for Windows Services”), has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. It runs as a Windows service named “Windows”, in the context of its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from callfor.info.

Product:
Microsoft® Windows® Operating System

Description:
Хост-процесс для служб Windows

Version:
6.3.9600.16384

MD5:
edef5d72ecbd546a39d430ad93a0b4dc

SHA-1:
6e0e7c4498164180f9d6315ee7477e720cdad042

SHA-256:
0d100a6d6ab38bb800f4c8479463d064d7e165c18c6a9a888142860a6c39e746

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/16/2024 12:58:00 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Hacktool.KQ | 470
Bitdefender | Application.Hacktool.KQ | 1.0.20.1480
F-Secure | Application.Hacktool.KQ | 11.2015-23-10_6
G Data | Application.Hacktool.KQ | 15.10.25
MicroWorld eScan | Application.Hacktool.KQ | 16.0.0.888

File size:
173 KB (177,152 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\svchost.exe

File PE Metadata
Compilation timestamp:
8/31/2014 7:34:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:yNbF3Otaxatj0Q5QCD6DZTRBW4FQ9NAabGErvXmlQJJxoUDbgyu5Ohcl:yWjl5QCuDlXW4+DiErv2yKU9pcl

Entry address:
0x189A0

Entry point:
48, 83, EC, 28, E8, B7, 4F, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 4C, 89, 60, 20, 41, 55, 41, 56, 41, 57, 48, 81, EC, 90, 00, 00, 00, 48, 8D, 4C, 24, 20, FF, 15, 19, 9B, 00, 00, 90, BA, 58, 00, 00, 00, 44, 8D, 62, C8, 49, 8B, CC, E8, 1F, 03, 00, 00, 4C, 8B, D8, 45, 33, FF, 49, 3B, C7, 75, 08, 83, C8, FF, E9, 7B, 02, 00, 00, 48, 89, 05, 55, 32, 01, 00, 41, 8B, CC, 89, 0D, 34, 32, 01, 00, 48, 05, 00, 0B, 00, 00, 4C, 3B, D8, 73, 43, 45...
 

Code size:
129 KB (132,096 bytes)

Service
Display name:
Windows

Type:
Win32OwnProcess


The file svchost.exe has been seen being distributed by the following URL.
