SHA256: 5b6147f7d2208f1b0502a2c4477c867493805dfdc9d5ea3ce4fd90959899f3e7
Name: scvhost.exe
Detections: 5 / 54
Analysis date: 2016-07-29 19:46:51 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Cerber.Gen 20160729
Baidu Win32.Trojan.Kryptik.alb 20160729
Kaspersky not-a-virus:HEUR:Downloader.Win32.LMN.gen 20160729
Qihoo-360 QVM20.1.Malware.Gen 20160729
Symantec Suspicious.Cloud.5 20160729
Ad-Aware 20160729
AegisLab 20160729
Alibaba 20160729
ALYac 20160729
Antiy-AVL 20160729
Arcabit 20160729
Avast 20160729
AVG 20160729
Avira (no cloud) 20160729
AVware 20160729
BitDefender 20160729
Bkav 20160727
CAT-QuickHeal 20160729
ClamAV 20160729
CMC 20160728
Comodo 20160729
Cyren 20160729
DrWeb 20160729
Emsisoft 20160729
ESET-NOD32 20160729
F-Prot 20160729
F-Secure 20160729
Fortinet 20160729
GData 20160729
Ikarus 20160729
Jiangmin 20160729
K7AntiVirus 20160729
K7GW 20160729
Kingsoft 20160729
Malwarebytes 20160729
McAfee 20160729
McAfee-GW-Edition 20160729
Microsoft 20160729
eScan 20160729
NANO-Antivirus 20160729
nProtect 20160729
Panda 20160729
Sophos AV 20160729
SUPERAntiSpyware 20160729
Tencent 20160729
TheHacker 20160729
TrendMicro 20160729
TrendMicro-HouseCall 20160729
VBA32 20160729
VIPRE 20160729
ViRobot 20160729
Yandex 20160729
Zillya 20160729
Zoner 20160729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-30 20:28:28
Entry Point 0x00004210
Number of sections 4
PE sections
Overlays
MD5 2ef39d03ef2e168692b1c67692910c98
File type data
Offset 272384
Size 118
Entropy 6.52
PE imports
CloseServiceHandle
RegCloseKey
StartServiceW
OpenProcessToken
GetUserNameW
QueryServiceStatus
OpenSCManagerW
RegOpenKeyExW
OpenServiceW
AdjustTokenPrivileges
QueryServiceLockStatusW
LookupPrivilegeValueW
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
RegQueryValueExW
RegOpenKeyW
GetEnhMetaFileA
SetMetaRgn
PathToRegion
SaveDC
GetROP2
GetTextCharset
GetEnhMetaFileW
SetLayoutWidth
GdiConvertEnhMetaFile
UpdateColors
GetObjectType
GetLayout
StrokePath
GetMapMode
EnumFontFamiliesW
GetPixelFormat
GetSystemPaletteUse
GetCharWidthA
GetFontLanguageInfo
RealizePalette
GetStockObject
GetPolyFillMode
UnrealizeObject
GetDCPenColor
GetGraphicsMode
STROBJ_bEnumPositionsOnly
GetTextAlign
SwapBuffers
GdiAddGlsBounds
GetTextColor
GetStretchBltMode
HT_Get8BPPFormatPalette
WidenPath
PolyPolygon
AbortDoc
GetTextCharacterExtra
ReplaceFileA
GetStdHandle
GetCurrentThread
WaitForSingleObject
FindFirstFileW
HeapDestroy
SignalObjectAndWait
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
ExitProcess
GetLocaleInfoW
GetFileTime
WideCharToMultiByte
lstrcmpiA
SetTimerQueueTimer
InterlockedExchange
WriteFile
FreeLibrary
QueryDosDeviceA
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
TlsGetValue
lstrcpynW
GetUserDefaultUILanguage
DeviceIoControl
InterlockedDecrement
WriteProcessMemory
GetModuleFileNameW
HeapAlloc
SetConsoleScreenBufferSize
QueryPerformanceFrequency
FatalAppExitW
InterlockedExchangeAdd
Heap32First
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
CreateMutexW
MulDiv
ExitThread
TerminateProcess
SearchPathW
VirtualQuery
VirtualQueryEx
LocalFree
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetDateFormatW
ReadProcessMemory
GlobalLock
EnumUILanguagesA
GetComputerNameW
CompareStringW
GlobalReAlloc
lstrcmpA
InterlockedIncrement
ResetEvent
CreateWaitableTimerA
Thread32Next
GetProcAddress
CreateEventW
CreateFileW
TlsSetValue
GetCurrentThreadId
OpenJobObjectA
GetLastError
GetSystemInfo
GlobalFree
LCMapStringA
GetThreadLocale
GlobalUnlock
GlobalAlloc
CreateNamedPipeA
lstrlenW
WinExec
CreateProcessW
GetEnvironmentStrings
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
InterlockedCompareExchange
WritePrivateProfileStringW
SuspendThread
RaiseException
GetModuleHandleA
GetDiskFreeSpaceW
EnumCalendarInfoA
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
RtlMoveMemory
Sleep
IsBadReadPtr
VirtualAlloc
DnsHostnameToComputerNameA
SHPathPrepareForWriteA
SHGetFileInfo
ShellExecuteW
SHGetDiskFreeSpaceExA
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileA
SHGetSpecialFolderPathW
ShellExecuteA
Shell_NotifyIconA
StrChrIA
StrRStrIA
StrStrW
SetFocus
RedrawWindow
GetCaretBlinkTime
GetForegroundWindow
SetWindowRgn
UpdateWindow
UnregisterHotKey
EqualRect
SetClassLongW
SetCaretPos
FindWindowW
GetCapture
KillTimer
DestroyCaret
GetClipboardOwner
CreatePopupMenu
ShowWindow
GetCaretPos
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
SetWindowLongW
MessageBoxW
PeekMessageW
GetWindowRect
InflateRect
UnhookWindowsHookEx
ReleaseCapture
IntersectRect
GetClipboardData
CharUpperBuffW
PostMessageW
GetSysColor
GetClipboardSequenceNumber
RegisterClipboardFormatW
GetDC
CharToOemW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
GetIconInfo
ShowCaret
SendMessageW
GetClassLongW
EndMenu
AnyPopup
LoadStringW
CreateMenu
SystemParametersInfoW
BringWindowToTop
IsIconic
SetRect
CallNextHookEx
CloseClipboard
SetTimer
LoadIconA
CountClipboardFormats
GetActiveWindow
FillRect
RegisterHotKey
AttachThreadInput
CreateCaret
SetWindowsHookExW
LoadCursorW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DrawTextW
CharNextW
GetKeyboardType
ExitWindowsEx
WindowFromDC
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
GERMAN SWISS 6
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Tool used internally by Total Commander, do not start directly!

InitializedDataSize
17408

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Unknown (1)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

LinkerVersion
9.0

EntryPoint
0x4210

MIMEType
application/octet-stream

TimeStamp
2016:07:30 13:28:28-07:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ghisler Softwa re GmbH

CodeSize
254464

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 1894d7fa8d62e84a81ecdacc0969ffe7
SHA1 84b937045769139a54670d05b593f25e70bd3e53
SHA256 5b6147f7d2208f1b0502a2c4477c867493805dfdc9d5ea3ce4fd90959899f3e7
ssdeep
3072:ew0bJhbFNqNv7GlV7JUVOnnu/KsYp6VN1g5WWR96ZqYODD8/OxAnwWgI+MGl:2GNan3lsN1gsy6qvI/iRMa

authentihash 6b288fa2c96410e1969559d5a59539d70d13877a9e770f71ffda059a41eff7cb
imphash e91e5e027fc5f0c4b6e42d28c4e510f7
File size 266.1 KB ( 272502 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay suspicious-udp via-tor

VirusTotal metadata
First submission 2016-07-29 19:46:51 UTC ( 2 years, 9 months ago )
Last submission 2019-01-28 03:00:42 UTC ( 3 months, 3 weeks ago )
Names 5b6147f7d2208f1b0502a2c4477c867493805dfdc9d5ea3ce4fd90959899f3e7.bin
5b6147f7d2208f1b0502a2c4477c867493805dfdc9d5ea3ce4fd90959899f3e7
scvhost.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
DNS requests
TCP connections
UDP communications