svchost.exe

The executable svchost.exe has been detected as malware by 16 anti-virus scanners. Although this file uses the name svchost.exe, it is NOT the Windows SvcHost (Service Host) distributed with the OS. The file has been observed being downloaded from m.9846f2d7e24272f38e6f66bf0ff8d7cf.com.

MD5: 5d4340145a17bd486b299aaf2290f3cc
SHA-1: f2f59d31fe21ce3b3bd70ca54a0388ebdb004ffc
SHA-256: 8983ef70d69982f414cb03cbb2a055160a8b94e0fcb600e596d669c9b3302892
Scanner detections: 16 / 68
Status: Malware
Analysis date: 11/15/2024 8:36:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Dropper/Win32.Malware | 2015.01.10 |
| Avira AntiVirus | TR/Agent.334526 | 7.11.200.118 |
| avast! | Win32:Malware-gen | 2014.9-150109 |
| Baidu Antivirus | Trojan.Win32.Reconyc | 4.0.3.1519 |
| Comodo Security | UnclassifiedMalware | 20659 |
| Fortinet FortiGate | W32/Reconyc.DLNP!tr | 1/9/2015 |
| IKARUS anti.virus | Trojan.Win32.Reconyc | t3scan.1.8.6.0 |
| K7 AntiVirus | Riskware | 13.190.14599 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.2665 |
| McAfee | RDN/Generic.bfr!ia | 5600.6890 |
| NANO AntiVirus | Trojan.Win32.Reconyc.dlyqyr | 0.30.0.64448 |
| Norman | CoinMiner.AN | 11.20150109 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.8.22 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0105 | 7.2.9 |

File size: 326.7 KB (334,526 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\l6obz36y\svchost.exe

File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows Console
Linker version: 2.24
CTPH (ssdeep): 1536:5FNSas3CO7/WX++OWlxCMENJZiKLf/LhyX+rNVyJ9+Qnv1PRnt2vL/8+5xInCFLl:MN1hnuSvL/KCFw8r/GEvl2a
Entry address: 0x1570
Entry point: 83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 9C, 31, 44, 00, E8, FB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 9C, 31, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, C8, 31, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, BC, 31, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 00, 44, 00, E8, 3E, 21, 00, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44...
Entropy: 3.3302
Code size: 10.5 KB (10,752 bytes)

The file svchost.exe has been seen being distributed by the following URL.
