» svchost.exe
Overview
Analysis
File Details
Behaviors (1)

svchost.exe

The Witcher 3

Acunetix Ltd.

The executable svchost.exe has been detected as malware by 21 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.

File name:

svchost.exe

Publisher:

CD Projekt Red (signed by Acunetix Ltd.)

Product:

The Witcher 3

Version:

3.0.0

MD5:

75caf32c79f3eab2b2ad6f725a90c6f6

SHA-1:

6e7c9144b2a1b54b993ecc96f061ec7a763fdf34

SHA-256:

ffa6a8606793aee555a270bd70cefec63a7f34cbaaacc3f951179f06901e46fc

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

11/16/2024 3:29:58 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.3204156

233

AegisLab AV Signature

Troj.Dropper.W32.Injector.lBZu

2.1.4+

AhnLab V3 Security

Trojan/Win32.Agent

2016.05.06

Avira AntiVirus

TR/Dropper.MSIL.jmjy

8.3.3.4

Arcabit

Trojan.Generic.D30E43C

1.0.0.672

Bitdefender

Trojan.GenericKD.3204156

1.0.20.835

ESET NOD32

MSIL/Injector.PAP (variant)

10.13446

Fortinet FortiGate

MSIL/Injector.PAP!tr

6/15/2016

F-Secure

Trojan.GenericKD.3204156

11.2016-15-06_4

G Data

Trojan.GenericKD.3204156

16.6.25

IKARUS anti.virus

Trojan.MSIL.Injector

t3scan.2.0.9.0

K7 AntiVirus

Trojan

13.224.19524

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.51

Microsoft Security Essentials

Trojan:MSIL/Injector.Y

1.1.12706.0

MicroWorld eScan

Trojan.GenericKD.3204156

17.0.0.501

NANO AntiVirus

Trojan.Win32.Multi.ebyuui

1.0.30.8213

Panda Antivirus

Trj/GdSda.A

16.06.15.09

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1120

Quick Heal

TrojanPWS.ZBot

6.16.14.00

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

49172

File size:

588.2 KB (602,344 bytes)

Product version:

3.0.0

Original file name:

scan1.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\ProgramData\windows\svchost.exe

Digital Signature

Signed by:

Acunetix Ltd.

Authority:

Thawte, Inc.

Valid from:

6/25/2014 6:00:00 PM

Valid to:

6/25/2016 5:59:59 PM

Subject:

CN=Acunetix Ltd., OU=Acunetix Development Department, O=Acunetix Ltd., L=Ta' Xbiex, S=Malta, C=MT

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

500BD1BC380359C65E4FB982FD87B14F

File PE Metadata

Compilation timestamp:

5/4/2016 12:45:14 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:o98WqkNrSPAJmow1j14HAgr9c7rSAYtY/pw3N7e02esvkD7LbXFrrZtB:G/9SPEfhPK7rKuhwg00kDJF

Entry address:

0x92F8E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7670

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

580 KB (593,920 bytes)

Scheduled Task

Task name:

Windows Update

Trigger:

Logon (Runs on logon)

Remove svchost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.