svchost.exe

TOLGA KAPLAN

The application svchost.exe by TOLGA KAPLAN has been detected as a potentially unwanted program by 29 anti-malware scanners. It runs as a separate Windows service named "svchost", within the context of its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS.
Publisher:
TOLGA KAPLAN  (signed and verified)

Version:
1.0.0

MD5:
d9daf0f49b09bc7a53cc576695840808

SHA-1:
b83c0303a630c82312b243d8def97ddaf4813ebd

SHA-256:
5ec7a9104db5e9bfb78047be5d479ae4cb7d0605a7b2d68d107bd63a2681a0c4

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 11:22:01 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Heur.Jatif.32 | 404
AhnLab V3 Security | Trojan/Win32.FakeMS | 2015.05.20
Avira AntiVirus | TR/Dropper.MSIL.65738 | 8.3.1.6
avast! | Win32:Malware-gen | 2014.9-151227
AVG | Generic | 2016.0.2882
Baidu Antivirus | Trojan.MSIL.Bamgadin | 4.0.3.151227
Bitdefender | Gen:Heur.Jatif.32 | 1.0.20.1805
Comodo Security | UnclassifiedMalware | 22179
Emsisoft Anti-Malware | Gen:Heur.Jatif.32 | 8.15.12.27.09
ESET NOD32 | MSIL/Bamgadin | 9.11652
Fortinet FortiGate | MSIL/Bamgadin.C!tr | 12/27/2015
F-Secure | Gen:Heur.Jatif.32 | 11.2015-27-12_1
G Data | Gen:Heur.Jatif.32 | 15.12.25
IKARUS anti.virus | Trojan.MSIL.Bamgadin | t3scan.1.8.9.0
K7 AntiVirus | Unwanted-Program | 13.204.15963
Kaspersky | Trojan.MSIL.Agent | 14.0.0.906
McAfee | Artemis!D9DAF0F49B09 | 5600.6538
Microsoft Security Essentials | TrojanClicker:MSIL/Balamid.B | 1.1.11701.0
MicroWorld eScan | Gen:Heur.Jatif.32 | 16.0.0.1083
NANO AntiVirus | Trojan.Win32.Siggen1.dcjynv | 0.30.24.1357
Norman | Suspicious_Gen4.GYFQC | 11.20151227
Panda Antivirus | Trj/Chgt.D | 15.12.27.09
Qihoo 360 Security | Win32/Trojan.Dropper.406 | 1.0.0.1015
Quick Heal | Trojan.MSI.r4 | 12.15.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.38J614 | 7.2.361
Trend Micro | TROJ_SPNR.38J614 | 10.465.27
VIPRE Antivirus | Trojan.Win32.Generic | 40386
ViRobot | Trojan.Win32.S.Agent.89328[h] | 2014.3.20.0

File size:
87.2 KB (89,328 bytes)

Product version:
1.0.0

Original file name:
svchostnew.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\svchost.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2014 3:00:00 AM

Valid to:
6/28/2015 2:59:59 AM

Subject:
CN=TOLGA KAPLAN, O=TOLGA KAPLAN, STREET=mecidiye mah. dereboyu cad. lozan sok., STREET=akgun apart. no:15/3, L=istanbul, S=besiktas, PostalCode=34347, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0166B65038D61E5435B48204CAE4795A

File PE Metadata
Compilation timestamp:
7/11/2014 12:47:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:rxcX6MD5qgaNQgUkT1gG9jTryzwBzPbuA6A7WOyorAUlZIOpm:rKX6MD5bamgUkxN5nfzTuA6WyYAUleO0

Entry address:
0x15BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79.5 KB (81,408 bytes)

Service
Display name:
svchost

Type:
Win32OwnProcess

