SHA256: 140f6931863df4cc6eefded4b99f234d71447aba972ff77ca1d258c23dd4fae4
File name: svchost.exe
Detection ratio: 1 / 42
Analysis date: 2012-04-01 02:38:54 UTC ( 5 years, 9 months ago )
Antivirus Result Update
Sophos AV Mal/Behav-035 20120331
AhnLab-V3 20120331
AntiVir 20120330
Antiy-AVL 20120331
Avast 20120331
AVG 20120331
BitDefender 20120401
ByteHero 20120328
CAT-QuickHeal 20120331
ClamAV 20120331
Commtouch 20120331
Comodo 20120331
DrWeb 20120401
Emsisoft 20120401
eSafe 20120328
eTrust-Vet 20120331
F-Prot 20120331
F-Secure 20120331
Fortinet 20120331
GData 20120401
Ikarus 20120331
Jiangmin 20120331
K7AntiVirus 20120331
Kaspersky 20120401
McAfee 20120401
McAfee-GW-Edition 20120331
Microsoft 20120331
NOD32 20120401
Norman 20120331
nProtect 20120331
Panda 20120331
PCTools 20120326
Rising 20120331
SUPERAntiSpyware 20120329
Symantec 20120401
TheHacker 20120331
TrendMicro 20120331
TrendMicro-HouseCall 20120401
VBA32 20120330
VIPRE 20120331
ViRobot 20120331
VirusBuster 20120331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2012
Publisher capablemonkey
Original name svchost.exe
Internal name svchost.exe
File version 1.0.0.0
Description capablemonkey's keylogger
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-01 02:35:58
Entry Point 0x000ADA9E
Number of sections 4
PE sections
PE imports
_CorExeMain
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 5632
ImageVersion 0.0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
OriginalFilename svchost.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2012:04:01 04:35:58+02:00
FileType Win32 EXE
PEType PE32
InternalName svchost.exe
ProductVersion 1.0.0.0
FileDescription capablemonkey's keylogger
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2012
MachineType Intel 386 or later, and compatibles
CompanyName capablemonkey
CodeSize 703488
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0xada9e
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 268dda50514133aef5dd190dd5bf54ff
SHA1 98c0cc1476971cc3397d30db707cb6c6a617f7f4
SHA256 140f6931863df4cc6eefded4b99f234d71447aba972ff77ca1d258c23dd4fae4
ssdeep 12288:m/9mV5bwUdF8sFkMktj/VXNwg/3QqfS7qu:89mV26F8dMk5Yfqfwqu
File size 693.5 KB ( 710144 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (67.4%)
Windows Screen Saver (12.0%)
Win32 Executable Generic (7.8%)
Win32 Dynamic Link Library (generic) (6.9%)
Win16/32 Executable Delphi generic (1.9%)
VirusTotal metadata
First submission 2012-04-01 02:38:54 UTC ( 5 years, 9 months ago )
Last submission 2012-04-01 02:38:54 UTC ( 5 years, 9 months ago )
File names svchost.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight