SHA256: 97b3fa4580fac08bc27d61b936e92d4ff1f513e38d17bfc4ec936e3ee09a72dd
File name: svchost.exe
Detection ratio: 62 / 65
Analysis date: 2017-08-23 08:54:11 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Generic.Malware.SFdld.B4D728A2 20170823
AegisLab Backdoor.W32.Agent.tnko 20170823
AhnLab-V3 Trojan/Win32.Scar.R29269 20170823
ALYac Generic.Malware.SFdld.B4D728A2 20170823
Antiy-AVL Trojan[Backdoor]/Win32.Agent 20170823
Arcabit Generic.Malware.SFdld.B4D728A2 20170823
Avast MSIL:GenMalicious-DWJ [Trj] 20170823
AVG MSIL:GenMalicious-DWJ [Trj] 20170823
Avira (no cloud) TR/Hijacker.Gen 20170823
AVware Trojan.Win32.Ceatrg.a (v) 20170823
Baidu Win32.Trojan.Delf.af 20170823
BitDefender Generic.Malware.SFdld.B4D728A2 20170823
Bkav W32.AgentCjxg.Trojan 20170823
CAT-QuickHeal Trojan.Ceatrg.20828 20170823
ClamAV Win.Trojan.Agent-456880 20170822
CMC Backdoor.Win32.Agent!O 20170823
Comodo TrojWare.Win32.TrojanDownloader.Delf.gen 20170823
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170823
Cyren W32/Delfloader.B.gen!Eldorado 20170823
DrWeb DDoS.MP.5 20170823
Emsisoft Generic.Malware.SFdld.B4D728A2 (B) 20170823
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Delf.OGV 20170823
F-Prot W32/Delfloader.B.gen!Eldorado 20170823
F-Secure Generic.Malware.SFdld.B4D728A2 20170823
Fortinet W32/Injector.fam!tr 20170823
GData Generic.Malware.SFdld.B4D728A2 20170823
Ikarus Trojan-PWS.Win32.QQPass 20170823
Sophos ML heuristic 20170822
Jiangmin Trojan/Generic.adgxy 20170823
K7AntiVirus Trojan ( 7000000f1 ) 20170823
K7GW Trojan ( 7000000f1 ) 20170821
Kaspersky Backdoor.Win32.Agent.cjxg 20170823
Kingsoft Win32.Hack.Agent.(kcloud) 20170823
Malwarebytes Trojan.Delf 20170823
MAX malware (ai score=89) 20170823
McAfee RDN/Generic BackDoor 20170823
McAfee-GW-Edition BehavesLike.Win32.Backdoor.nh 20170823
Microsoft Trojan:Win32/Ceatrg.A 20170823
eScan Generic.Malware.SFdld.B4D728A2 20170823
NANO-Antivirus Trojan.Win32.Dwn.sryri 20170823
nProtect Trojan/W32.Injector.36864.G 20170823
Palo Alto Networks (Known Signatures) generic.ml 20170823
Panda Generic Malware 20170822
Qihoo-360 Malware.Radar05.Gen 20170823
Rising Trojan.Win32.Injector.fr (cloud:bdtJ7buulAF) 20170823
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/DelpDldr-A 20170823
SUPERAntiSpyware Trojan.Agent/Gen-Ceatrg 20170823
Symantec SMG.Heur!gen 20170823
Tencent Backdoor.Win32.Agent.dae 20170823
TheHacker Backdoor/Agent.cjxg 20170821
TrendMicro-HouseCall BKDR_INJECT.SMW 20170823
VBA32 Backdoor.Agent 20170822
VIPRE Trojan.Win32.Ceatrg.a (v) 20170823
ViRobot Backdoor.Win32.A.Agent.36864.S 20170823
Webroot W32.Rogue.Gen 20170823
WhiteArmor Malware.HighConfidence 20170817
Yandex Trojan.Pmdosser.Gen.MI 20170823
Zillya Adware.BrowseFox.Win32.435672 20170822
ZoneAlarm by Check Point Backdoor.Win32.Agent.cjxg 20170823
Alibaba (no detection) 20170823
Symantec Mobile Insight (no detection) 20170823
TotalDefense (no detection) 20170823
TrendMicro (no detection) 20170823
Trustlook (no detection) 20170823
Zoner (no detection) 20170823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (UTC). This is the fixed value 0x2A425E19 that Borland/Delphi linkers write into every image; it is not a real build time and must not be used to date the sample. Together with the linker version 2.25 and the TrID Delphi match it does identify the compiler.
Entry Point 0x000082E8
Number of sections 8
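The header values above (and the ExifTool fields further down: linker version, subsystem and OS versions, code and data sizes) can be read without a full PE library. The following is an added example, not part of the VirusTotal report and not code from any vendor listed on it: a pure-Python reader for the DOS stub pointer, COFF header and optional header that also flags the Borland/Delphi default TimeDateStamp. The bytes produced by `build_sample_header()` are constructed to mirror the values in this report (a header-only stand-in with no section table, not the actual svchost.exe), and the `MACHINES` and `SUBSYSTEMS` tables cover only the common values.

```python
# Added example (not from the VirusTotal page): minimal PE header reader plus
# the check a triager wants on this sample: is the "compilation timestamp"
# the Borland/Delphi linker constant rather than a real build time?
import struct
from datetime import datetime, timezone

# Borland/Delphi linkers write this fixed TimeDateStamp into every image.
DELPHI_DEFAULT_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC

MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Parse e_lfanew, the COFF file header and the optional header from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: MZ signature missing")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing at e_lfanew")

    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, tstamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    if opt_size < 70:  # need fields up to and including Subsystem
        raise ValueError("optional header too short")

    opt = coff + 20  # IMAGE_OPTIONAL_HEADER
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry, _base_of_code = \
        struct.unpack_from("<HBBIIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # Version fields and Subsystem sit at the same offsets in PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    return {
        "machine": MACHINES.get(machine, f"{machine:#06x}"),
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "sections": nsections,
        "timestamp_raw": tstamp,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_default_timestamp": tstamp == DELPHI_DEFAULT_TIMESTAMP,
        "entry_point": entry,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
    }


def build_sample_header() -> bytes:
    """Constructed stand-in carrying the values the report shows (assumption: header
    only, no section table, no code). It is not the real svchost.exe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 8, DELPHI_DEFAULT_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)                               # standard PE32 optional header size
    struct.pack_into("<HBBIIIII", opt, 0, 0x10B, 2, 25, 29696, 6144, 0, 0x82E8, 0x1000)
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)  # OS 4.0, image 0.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, val in parse_pe_header(raw).items():
        print(f"{key:26} {val:#x}" if key in ("entry_point", "timestamp_raw") else f"{key:26} {val}")
```

Run it with a file path to read a real sample, or without arguments to parse the constructed header. A true `delphi_default_timestamp` means the TimeDateStamp carries no build-date information, so the 1992 date should never be entered as a build time in an incident timeline; the linker version and subsystem fields are what actually characterise the toolchain.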
PE sections
PE imports
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
GetLastError
GetStdHandle
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
FreeLibrary
QueryPerformanceCounter
CopyFileA
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetStartupInfoA
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
UnhandledExceptionFilter
GetCommandLineA
GetThreadContext
CreateMutexA
RaiseException
CreateThread
GetModuleHandleA
WriteFile
CloseHandle
GetComputerNameA
GetCurrentThreadId
SetThreadContext
LocalFree
IsWow64Process
ResumeThread
CreateProcessA
InitializeCriticalSection
LoadResource
lstrcpyA
VirtualFree
TlsGetValue
Sleep
TlsSetValue
GetTickCount
GetVersion
FindResourceA
VirtualAlloc
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ShellExecuteA
SHGetFolderPathA
URLDownloadToFileA
MessageBoxA
GetSystemMetrics
GetKeyboardType
CharNextA
htons
socket
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
sendto
inet_ntoa
ioctlsocket
recv
WSAGetLastError

The DLL each name is imported from was not preserved in this extract, so the imphash listed below cannot be recomputed from this list alone. Read as capability groups the names are still more informative than any single detection label: VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext, ResumeThread and CreateProcessA are the API set a process-hollowing (RunPE) loader uses to start a process suspended, overwrite its memory and redirect its thread, which fits the Inject/Injector family names and the dll-injection behaviour tag; FindResourceA, LoadResource, LockResource and SizeofResource next to a single RT_RCDATA resource are consistent with the payload being carried in that resource; URLDownloadToFileA with ShellExecuteA is a download-and-execute stage, matching the Delfloader and TrojanDownloader names; RegOpenKeyExA, RegSetValueExA and RegDeleteValueA with SHGetFolderPathA and CopyFileA are the typical persistence primitives of a Delphi dropper (copy itself into a profile folder, write a registry value); GetComputerNameA, GetUserNameA, GetVersionExA and IsWow64Process are host fingerprinting for a check-in; and the Winsock set including sendto supports the DDoS classification from DrWeb. An import only shows that a capability is linked in; whether it runs depends on the sample's logic and on what the sandbox lets it reach.
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00 (the same instant as 1992-06-19 22:22:17 UTC, rendered in the local zone of the host that ran ExifTool)
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
EntryPoint 0x82e8
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 b5597304495be0c425e512abd6f39f8c
SHA1 88e9ce763907aa1dd75047f2e628f7ee305a34ce
SHA256 97b3fa4580fac08bc27d61b936e92d4ff1f513e38d17bfc4ec936e3ee09a72dd
ssdeep 768:bycqOQ0bwMK2M3fQde8Pfymg0M9EQfRo0ys/Kzn:OcqOQbB3fQc8Pfymg0yxpByxzn
authentihash 22193251b6de7044fdd435fa4b4f80ac48b39f34f89f9faf2ed15fdac9e5dd06
imphash d3b1f6f5044aec1a6ee634b5a731d258
File size 36.0 KB ( 36864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-05-23 16:53:56 UTC ( 5 months ago )
Last submission 2017-06-17 11:18:12 UTC ( 4 months, 1 week ago )
File names svchost.exe
svchost.exe
svchost.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
DNS requests
UDP communications