svchost.exe

Software

The executable svchost.exe has been detected as malware by 24 anti-virus scanners. It is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘12e38f8110dbadc4f070f2f4e43dceea’. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been seen being downloaded from fs10n5.sendspace.com.
Publisher:
Software

Product:
Software

Version:
1.0.0.0

MD5:
55fc4212fb50ef4d4728bcc734e15054

SHA-1:
ceb145a304a2c9344257284c52f0dd79ac69681e

SHA-256:
3b680bdf9393e03b1e928e9bf54fc6ce6fe4bded2bedfb0444b7f74ff5134bfb

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/26/2024 12:21:49 PM UTC

Scan engine           | Detection                              | Engine version
Lavasoft Ad-Aware     | Gen:Variant.Zusy.144222                | 231
Avira AntiVirus       | TR/Dropper.Gen                         | 8.3.3.4
Arcabit               | Trojan.Zusy.D2335E                     | 1.0.0.741
avast!                | Win32:Malware-gen                      | 2014.9-160618
AVG                   | MSIL10                                 | 2017.0.2709
Baidu Antivirus       | Win32.Trojan.WisdomEyes.151026.9950    | 4.0.3.16618
Bitdefender           | Gen:Variant.Zusy.144222                | 1.0.20.850
Dr.Web                | Trojan.Starter.2890                    | 9.0.1.0170
Emsisoft Anti-Malware | Gen:Variant.Zusy.144222                | 8.16.06.18.06
ESET NOD32            | MSIL/Injector.IFO (variant)            | 10.13666
Fortinet FortiGate    | MSIL/Injector.NII!tr                   | 6/18/2016
F-Secure              | Packed:W32/DonutCrypt.A                | 11.2016-18-06_7
G Data                | Gen:Variant.Zusy.144222                | 16.6.25
IKARUS anti.virus     | Trojan.MSIL.Injector                   | t3scan.2.1.6.0
K7 AntiVirus          | Trojan                                 | 13.2219968
Kaspersky             | HEUR:Trojan.Win32.Generic              | 14.0.0.39
Malwarebytes          | Trojan.Reconyc                         | v2016.06.18.06
McAfee                | GenericRXAA-GV!55FC4212FB50            | 5600.6365
MicroWorld eScan      | Gen:Variant.Zusy.144222                | 17.0.0.510
NANO AntiVirus        | Trojan.Win32.Starter.edguno            | 1.0.38.8881
Panda Antivirus       | Trj/CI.A                               | 16.06.18.06
Qihoo 360 Security    | HEUR/QVM03.0.0000.Malware.Gen          | 1.0.0.1120
Sophos                | Troj/MSIL-FMQ                          | 4.98
Vba32 AntiVirus       | TScope.Trojan.MSIL                     | 3.12.26.4

File size:
314.7 KB (322,234 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Software.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\svchost.exe

File PE Metadata
Compilation timestamp:
6/3/2016 2:13:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:nw0dcDZiaJffQr/UmN/BsNL4EY/5D3dXRDLm5Y0aVyrGAi+0SBSr:VGDZia9GP9Ya5DNBDLHVyrGAi+0iSr

Entry address:
0xD5BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C7, BA, 51, 57, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, E0, 00, 00, 1C, BA, 00, 00, 52, 53, 44, 53, 2D, 01, DA, 69, 85, 0D, 2F, 43, A8, 28, F7, 0C, E7, EF, EB, 71, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 63...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
45.5 KB (46,592 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
12e38f8110dbadc4f070f2f4e43dceea

Command:
"C:\users\{user}\appdata\roaming\svchost.exe"..
The file svchost.exe has been seen being distributed by the following URL.

Remove svchost.exe - Powered by Reason Core Security