svchost10.exe

The executable svchost10.exe has been detected as malware by 1 anti-virus scanner. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘WirelessConfig’.
MD5:
ef547abf5c9258940ff8207bfd897eac

SHA-1:
e41ddb74495bbc24e0680ae9f61c6a19c10235f2

SHA-256:
c2b2391faaa06aaaa64d65cf4c2d73e7d11748c8088fab321a975922dedc0cef

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 10:07:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Ransomeware (M)

Engine version:
17.3.13.16

File size:
254.5 KB (260,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\svchost10.exe

File PE Metadata
Compilation timestamp:
1/15/2002 9:34:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x3A93

Entry point:
60, 14, 95, F6, C7, AC, 15, 4B, 83, 00, 2B, 57, 52, FF, CA, F2, 81, ED, DF, 94, 27, 32, B8, 5F, BD, 3B, D6, 81, EB, 7A, 5E, B4, 58, 0C, D9, 81, F2, C5, 1E, B4, A2, FF, C1, BB, 90, 29, 6E, 59, 8B, D7, 76, 04, 80, C9, 0B, 4D, E8, A3, 00, 00, 00, 8B, D1, 87, ED, 69, D6, 1F, 93, 1E, 79, 81, F9, 35, C9, 00, 00, 70, 06, 80, CE, E8, F2, FF, C9, EB, 02, 85, FE, 0F, AF, D7, 8D, 15, 80, 0F, 2A, 74, 8D, 0D, 6A, 00, 02, 00, 72, 05, 0F, AF, DE, 0C, 41, 81, C1, DE, 02, 00, 00, 81, FB, 91, F2, 00, 00, 73, 03, 40, F2, 4D...

Entropy:
6.9975

Code size:
14 KB (14,336 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WirelessConfig

Command:
C:\users\{user}\appdata\roaming\svchost10.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.120:80)

TCP (HTTP):
Connects to slunce.srv.wz.cz  (185.64.219.6:80)

TCP (HTTP):
Connects to mail.accu17.denver.wehostwebsites.com  (173.248.137.197:80)

TCP (HTTP):
Connects to ec2-34-206-157-64.compute-1.amazonaws.com  (34.206.157.64:80)
