svchost.exe

TOLGA KAPLAN

The executable svchost.exe has been detected as malware by 11 anti-virus scanners. It runs as a Windows service named “svchost” in its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
TOLGA KAPLAN  (signed and verified)

Version:
1.0.0

MD5:
7c6597064004b5e34f5197c3084df451

SHA-1:
884a6f186cdb834cc53bc4c09abdfd0e1999661b

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/27/2024 12:00:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.FakeMS | 2014.07.25 |
| Avira AntiVirus | TR/Dropper.MSIL.68118 | 7.11.163.230 |
| avast! | Win32:Malware-gen | 2014.9-161203 |
| AVG | Generic | 2017.0.2540 |
| Comodo Security | UnclassifiedMalware | 18961 |
| ESET NOD32 | MSIL/TrojanDownloader.Agent.OB (variant) | 10.10149 |
| IKARUS anti.virus | Trojan-Downloader | t3scan.1.6.1.0 |
| McAfee | Artemis!7C6597064004 | 5600.6196 |
| Qihoo 360 Security | Win32/Trojan.Dropper.77b | 1.0.0.1015 |
| Trend Micro House Call | Suspicious_GEN.F47V0718 | 7.2.338 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31568 |

File size:
123.2 KB (126,192 bytes)

Product version:
1.0.0

Original file name:
svchostnew.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral (Yansiz Dil)

Common path:
C:\Documents and Settings\{user}\Application data\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2014 3:00:00 AM

Valid to:
6/28/2015 2:59:59 AM

Subject:
CN=TOLGA KAPLAN, O=TOLGA KAPLAN, STREET=mecidiye mah. dereboyu cad. lozan sok., STREET=akgun apart. no:15/3, L=istanbul, S=besiktas, PostalCode=34347, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0166B65038D61E5435B48204CAE4795A

File PE Metadata
Compilation timestamp:
7/11/2014 12:47:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:2B2Wyt95yjeKp7zIRXgHDBRRMiYTRwTELP/p7:bx95MMZksB

Entry address:
0x1EDAE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
115.5 KB (118,272 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess

