svchost.exe

The executable svchost.exe has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application, and it runs as a separate Windows service (within the context of its own process) named "WindowsDefender". Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from callfor.info.
MD5:
9315b6504384b9fd4bf4d41ea4d90a58

SHA-1:
b2595055233cc1b1c2810bf3644f117968dc3993

SHA-256:
52e1847e28fd96d0cc5ef0e6cc5df16d28efc0afc13f6becaf10844e7a6922e9

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/28/2024 1:17:10 PM UTC

Scan engine       | Detection                         | Engine version
Comodo Security   | UnclassifiedMalware               | 23261
ESET NOD32        | Win64/NSSM                        | 9.12277
IKARUS anti.virus | Trojan.Win64.Nssm                 | t3scan.1.9.5.0
Kaspersky         | UDS:DangerousObject.Multi.Generic | 14.0.0.1361
McAfee            | Artemis!9315B6504384              | 5600.6629

File size:
323.5 KB (331,264 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\sys\svchost.exe

File PE Metadata
Compilation timestamp:
8/31/2014 5:34:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
6144:yFjl5QCuDlXW4+DiErv2yKU9pclmrD3fNB:Ql5QCKdW4+DiNSfNB

Entry address:
0x189A0

Entry point:
48, 83, EC, 28, E8, B7, 4F, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 4C, 89, 60, 20, 41, 55, 41, 56, 41, 57, 48, 81, EC, 90, 00, 00, 00, 48, 8D, 4C, 24, 20, FF, 15, 19, 9B, 00, 00, 90, BA, 58, 00, 00, 00, 44, 8D, 62, C8, 49, 8B, CC, E8, 1F, 03, 00, 00, 4C, 8B, D8, 45, 33, FF, 49, 3B, C7, 75, 08, 83, C8, FF, E9, 7B, 02, 00, 00, 48, 89, 05, 55, 32, 01, 00, 41, 8B, CC, 89, 0D, 34, 32, 01, 00, 48, 05, 00, 0B, 00, 00, 4C, 3B, D8, 73, 43, 45...

Code size:
129 KB (132,096 bytes)

Service
Display name:
WindowsDefender

Type:
Win32OwnProcess


The file svchost.exe has been seen being distributed by the following URL.
