svchost.exe

The Witcher 3

Acunetix Ltd.

The executable svchost.exe has been detected as malware by 21 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
CD Projekt Red  (signed by Acunetix Ltd.)

Product:
The Witcher 3

Version:
3.0.0

MD5:
75caf32c79f3eab2b2ad6f725a90c6f6

SHA-1:
6e7c9144b2a1b54b993ecc96f061ec7a763fdf34

SHA-256:
ffa6a8606793aee555a270bd70cefec63a7f34cbaaacc3f951179f06901e46fc

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
12/26/2024 5:10:28 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3204156
233

AegisLab AV Signature
Troj.Dropper.W32.Injector.lBZu
2.1.4+

AhnLab V3 Security
Trojan/Win32.Agent
2016.05.06

Avira AntiVirus
TR/Dropper.MSIL.jmjy
8.3.3.4

Arcabit
Trojan.Generic.D30E43C
1.0.0.672

Bitdefender
Trojan.GenericKD.3204156
1.0.20.835

ESET NOD32
MSIL/Injector.PAP (variant)
10.13446

Fortinet FortiGate
MSIL/Injector.PAP!tr
6/15/2016

F-Secure
Trojan.GenericKD.3204156
11.2016-15-06_4

G Data
Trojan.GenericKD.3204156
16.6.25

IKARUS anti.virus
Trojan.MSIL.Injector
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.224.19524

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.51

Microsoft Security Essentials
Trojan:MSIL/Injector.Y
1.1.12706.0

MicroWorld eScan
Trojan.GenericKD.3204156
17.0.0.501

NANO AntiVirus
Trojan.Win32.Multi.ebyuui
1.0.30.8213

Panda Antivirus
Trj/GdSda.A
16.06.15.09

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
TrojanPWS.ZBot
6.16.14.00

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
49172

File size:
588.2 KB (602,344 bytes)

Product version:
3.0.0

Copyright:
Copyright © 2012 CD Projekt Red

Original file name:
scan1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\windows\svchost.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/25/2014 6:00:00 PM

Valid to:
6/25/2016 5:59:59 PM

Subject:
CN=Acunetix Ltd., OU=Acunetix Development Department, O=Acunetix Ltd., L=Ta' Xbiex, S=Malta, C=MT

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
500BD1BC380359C65E4FB982FD87B14F

File PE Metadata
Compilation timestamp:
5/4/2016 12:45:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:o98WqkNrSPAJmow1j14HAgr9c7rSAYtY/pw3N7e02esvkD7LbXFrrZtB:G/9SPEfhPK7rKuhwg00kDJF

Entry address:
0x92F8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7670

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
580 KB (593,920 bytes)

Scheduled Task
Task name:
Windows Update

Trigger:
Logon (Runs on logon)


Remove svchost.exe - Powered by Reason Core Security