svchost.exe

Хост-процесс для служб Windows (Host Process for Windows Services)

The application svchost.exe, “Хост-процесс для служб Windows” (“Host Process for Windows Services”), has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. It runs as a separate Windows service named “Windows”, within the context of its own process. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from callfor.info.
Product:
Microsoft® Windows® Operating System

Description:
Хост-процесс для служб Windows (Host Process for Windows Services)

Version:
6.3.9600.16384

MD5:
b397efc0ce2a8def5903e0868ab97851

SHA-1:
bc22d039cc3b3dd771a679a83ba8f356bc70d497

SHA-256:
2c1c3bf12ded69147a18c81d0bc6e3d1c48880b2a08eb5190ae836b715086104

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:56:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.30.172 |
| ESET NOD32 | Win64/NSSM.A potentially unsafe application | 6.3.12010.0 |
| F-Secure | Riskware.Application.GenericKD.4439310 | 5.16.24 |
| Kaspersky | not-a-virus:RiskTool.Win64.Agent | 15.0.2.529 |
| Reason Heuristics | Threat.Downloader.KY | 16.2.29.19 |

File size:
173 KB (177,152 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\svchost.exe

File PE Metadata
Compilation timestamp:
8/31/2014 4:34:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:yQbF3Otaxatj0Q5QCD6DZTRBW4FQ9NAabGErvXmlQJJxoUDbgyu5Ohcl:y3jl5QCuDlXW4+DiErv2yKU9pcl

Entry address:
0x189A0

Entry point:
48, 83, EC, 28, E8, B7, 4F, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 70, 10, 48, 89, 78, 18, 4C, 89, 60, 20, 41, 55, 41, 56, 41, 57, 48, 81, EC, 90, 00, 00, 00, 48, 8D, 4C, 24, 20, FF, 15, 19, 9B, 00, 00, 90, BA, 58, 00, 00, 00, 44, 8D, 62, C8, 49, 8B, CC, E8, 1F, 03, 00, 00, 4C, 8B, D8, 45, 33, FF, 49, 3B, C7, 75, 08, 83, C8, FF, E9, 7B, 02, 00, 00, 48, 89, 05, 55, 32, 01, 00, 41, 8B, CC, 89, 0D, 34, 32, 01, 00, 48, 05, 00, 0B, 00, 00, 4C, 3B, D8, 73, 43, 45...

Code size:
129 KB (132,096 bytes)

Service
Display name:
Windows

Type:
Win32OwnProcess


The file svchost.exe has been seen being distributed by the following URL.
