svchost.exe

SELCUK GUNDOGDU

The executable svchost.exe has been detected as malware by 1 anti-virus scanner. It runs as a separate Windows service named “svchost”, within the context of its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
svchost  (signed by SELCUK GUNDOGDU)

Product:
svchost

Version:
1.0.0.0

MD5:
58e8f11bf8829a03872f4baf303a8326

SHA-1:
a8bf7b104116171afbc09fda1e52e79e505dd267

SHA-256:
0237b1efac53dc8f9b8a933672f068c25cde12c7078a900d95fcd768e89aa385

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:26:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.10.18.15

File size:
89.2 KB (91,360 bytes)

Product version:
1.0.0.0

Copyright:
2015

Original file name:
svchost.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/13/2015 12:00:00 AM

Valid to:
3/12/2016 11:59:59 PM

Subject:
CN=SELCUK GUNDOGDU, O=SELCUK GUNDOGDU, STREET=Esentepe mah dergiler sok no 25 deal plaza, L=ISTANBUL, S=SISLI, PostalCode=34394, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C33187FE848A65E8484EA492CB2CBB18

File PE Metadata
Compilation timestamp:
7/29/2015 11:59:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:uYzLoPo6UBiyL8cQn6e258NmtvaS75Pac5bhWDQwIpAHvKQ+A2+ba02lNt28X9qe:ZwPX71E5SO9WD3hMiKtX9C6f3I/q+BVc

Entry address:
0x165EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, A4, 6A, D7, 56, B7, C7, E8, DB, 70, 20, 24, EE, CE, BD, C1, AF, 0F, 7C, F5, 2A, C6, 87, 47, 13, 46, 30, A8, 01, 95, 46, FD, D8, 98, 80, 69, AF, F7, 44, 8B, B1, 5B, FF, FF, BE, D7, 5C, 89, 22, 11, 90, 6B, 93, 71, 98, FD, 8E, 43, 79, A6, 21, 08, B4, 49, 62, 25, 1E, F6, 40, B3, 40, C0, 51, 5A, 5E, 26, AA, C7, B6, E9, 5D, 10, 2F, D6, 53, 14, 44, 02, 81, E6, A1, D8, C8, FB, D3, E7, E6, CD, E1, 21, D6, 07, 37, C3, 87, 0D, D5, F4, ED, 14...
 

Entropy:
5.8918

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
81.5 KB (83,456 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess

