SHA256: c627a75371170bc7dc0953ce576286166d0a3d973fc1922717dfd478f1b86d4a
File name: svchost.exe
Detection ratio: 44 / 54
Analysis date: 2014-07-16 06:10:19 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware GenPack:Trojan.Packed.17720 20140716
Yandex Trojan.Packed!rloYC4rJOv8 20140715
AntiVir TR/Patched.Ren.Gen 20140716
Avast Win32:Sality 20140716
AVG Packed.VPacker 20140716
Baidu-International Trojan.Win32.Redosdru.aUfh 20140715
BitDefender GenPack:Trojan.Packed.17720 20140716
Bkav W32.Clodc98.Trojan.6004 20140715
CAT-QuickHeal Trojan.Genome.r6 20140716
CMC Trojan.Win32.Genome!O 20140714
Commtouch W32/Heuristic-210!Eldorado 20140716
Comodo UnclassifiedMalware 20140716
DrWeb Trojan.Click1.29811 20140716
Emsisoft GenPack:Trojan.Packed.17720 (B) 20140716
ESET-NOD32 probably a variant of Win32/Redosdru.BM 20140716
F-Prot W32/Heuristic-210!Eldorado 20140716
F-Secure GenPack:Trojan.Packed.17720 20140716
Fortinet W32/RPKrypt.AP!tr 20140716
GData GenPack:Trojan.Packed.17720 20140716
Ikarus Packed.Win32.PolyCrypt.b 20140716
Jiangmin Trojan/Genome.kaa 20140716
K7AntiVirus Trojan ( 000fabbc1 ) 20140715
K7GW Trojan ( 000fabbc1 ) 20140715
Kaspersky Trojan.Win32.Genome.ozpr 20140716
Kingsoft Win32.Troj.Generic.(kcloud) 20140716
McAfee Artemis!20A6310B50D3 20140716
McAfee-GW-Edition Artemis!20A6310B50D3 20140715
Microsoft VirTool:Win32/Obfuscator.BL 20140716
eScan GenPack:Trojan.Packed.17720 20140716
NANO-Antivirus Trojan.Win32.Delf.evioh 20140716
Norman Troj_Generic.LVY 20140716
nProtect Trojan/W32.Agent.65536.BBM 20140715
Panda Malicious Packer 20140715
Qihoo-360 Win32/Trojan.9c5 20140716
Rising PE:Trojan.Win32.Generic.128BC89C!311150748 20140715
Sophos AV Mal/Emogen-Y 20140716
Symantec WS.Reputation.1 20140716
Tencent Win32.Trojan.Genome.Hpry 20140716
TheHacker Trojan/Genome.ozpr 20140714
TrendMicro Cryp_Mangled 20140716
TrendMicro-HouseCall Cryp_Mangled 20140716
VIPRE Packed.Win32.Klone.ap (v) 20140716
ViRobot Trojan.Win32.Genome.65536.D 20140716
Zillya Trojan.Genome.Win32.108440 20140715
AegisLab 20140716
AhnLab-V3 20140715
Antiy-AVL 20140716
ByteHero 20140716
ClamAV 20140716
Malwarebytes 20140716
SUPERAntiSpyware 20140716
TotalDefense 20140716
VBA32 20140715
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
Command FishPE, Klone.AP
F-PROT Klone.AP, FishPE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-14 09:07:17
Entry Point 0x000413BB
Number of sections 6
PE sections
PE imports
GetModuleHandleA
HeapCreate
VirtualFree
HeapAlloc
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:05:14 10:07:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 180224
LinkerVersion 6.0
FileAccessDate 2014:08:11 22:48:00+01:00
EntryPoint 0x413bb
InitializedDataSize 81920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:08:11 22:48:00+01:00
UninitializedDataSize 0

File identification
MD5 20a6310b50d31b3da823ed00276e8a50
SHA1 c2f43faee349807d9b9d58ad4ae311d58d09edab
SHA256 c627a75371170bc7dc0953ce576286166d0a3d973fc1922717dfd478f1b86d4a
ssdeep 768:xGoAYDYj2Ze1W3+tRVHAB5K06zakh6qWQ80Que5+Pm90PmB3kH7Pf1IQRnazHJh:xjepeK06ukhA3Yn+SMKrf1IZHyYeriB

imphash dd72667a35386475e5b130048ea6e505
File size 64.0 KB ( 65536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2010-12-23 14:48:35 UTC ( 6 years, 9 months ago )
Last submission 2014-08-11 21:53:21 UTC ( 3 years, 1 month ago )
File names aa
rVynZgZQ.wbs
20a6310b50d31b3da823ed00276e8a50
s.ex_
svchost.exe
wkhlv.dot
file-6450600_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight