svchost.exe

SELCUK GUNDOGDU

The executable svchost.exe has been detected as malware by 1 anti-virus scanner. It runs as a separate (within the context of its own process) windows Service named “svchost”. Although this file uses the name svchost.exe, this is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
svchost  (signed by SELCUK GUNDOGDU)

Product:
svchost

Version:
1.0.0.0

MD5:
f87abf7f2a515030693b02fe021f9a5a

SHA-1:
a78b6c50bf8d284c1a637775a2a83578d0daaa5c

SHA-256:
f75e2057cfc5a366cfa1ca7673368cd25a6923cec89501bcb9dfda4f604d9b48

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:38:45 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.23.9

File size:
16.2 KB (16,608 bytes)

Product version:
1.0.0.0

Copyright:
2015

Original file name:
svchost.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/13/2015 2:00:00 AM

Valid to:
3/13/2016 1:59:59 AM

Subject:
CN=SELCUK GUNDOGDU, O=SELCUK GUNDOGDU, STREET=Esentepe mah dergiler sok no 25 deal plaza, L=ISTANBUL, S=SISLI, PostalCode=34394, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C33187FE848A65E8484EA492CB2CBB18

File PE Metadata
Compilation timestamp:
5/10/2015 11:00:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x44DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9.5 KB (9,728 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess


Remove svchost.exe - Powered by Reason Core Security