SHA256: f53fa47763b9afdf9ef03c935c413e9c2969091142cd42584f33b0bef27362ca
File name: svchost.exe
Detection ratio: 37 / 64
Analysis date: 2017-09-10 19:51:29 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.22091858 20170910
AegisLab Troj.Generic!c 20170910
ALYac Trojan.Generic.22091858 20170910
Antiy-AVL Trojan/Generic.ASVCS3S.1E5 20170910
Arcabit Trojan.Generic.D1511852 20170910
Avast Win64:Malware-gen 20170910
AVG Win64:Malware-gen 20170910
Avira (no cloud) TR/CoinMiner.mcdzt 20170910
AVware Trojan.Win32.Generic!BT 20170906
BitDefender Trojan.Generic.22091858 20170910
CAT-QuickHeal Trojan.IGENERIC 20170909
Comodo UnclassifiedMalware 20170910
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20170804
Cyren W64/Trojan.TSMV-3168 20170910
DrWeb Trojan.Siggen7.25019 20170910
Emsisoft Trojan.Generic.22091858 (B) 20170910
ESET-NOD32 Win64/CoinMiner.DF 20170910
F-Secure Trojan.Generic.22091858 20170910
Fortinet W64/CoinMiner.DF!tr 20170910
GData Trojan.Generic.22091858 20170910
Ikarus Trojan.Win64.CoinMiner 20170910
Sophos ML heuristic 20170822
K7AntiVirus Trojan ( 0051269a1 ) 20170910
K7GW Trojan ( 0051269a1 ) 20170910
MAX malware (ai score=100) 20170910
McAfee-GW-Edition BehavesLike.Win64.PUPXAC.rc 20170910
eScan Trojan.Generic.22091858 20170910
NANO-Antivirus Trojan.Win64.CoinMiner.erpisp 20170910
Panda Trj/Agent.SM 20170910
Rising Trojan.CoinMiner!8.30A (cloud:rcmxZZ5edcQ) 20170910
SentinelOne (Static ML) static engine - malicious 20170806
Symantec Trojan.Gen 20170910
TrendMicro TROJ_GEN.R0F8C0OGM17 20170910
TrendMicro-HouseCall TROJ_GEN.R0F8C0OGM17 20170910
VIPRE Trojan.Win32.Generic!BT 20170910
Webroot W32.Trojan.Gen 20170910
Zillya Trojan.CoinMiner.Win64.258 20170909
AhnLab-V3 20170910
Alibaba 20170910
Baidu 20170908
Bkav 20170909
ClamAV 20170910
CMC 20170902
Cylance 20170910
Endgame 20170821
F-Prot 20170910
Jiangmin 20170909
Kaspersky 20170910
Kingsoft 20170910
Malwarebytes 20170910
McAfee 20170910
Microsoft 20170910
nProtect 20170910
Palo Alto Networks (Known Signatures) 20170910
Qihoo-360 20170910
Sophos AV 20170910
SUPERAntiSpyware 20170910
Symantec Mobile Insight 20170908
Tencent 20170910
TheHacker 20170907
Trustlook 20170910
VBA32 20170907
ViRobot 20170910
WhiteArmor 20170829
Yandex 20170908
ZoneAlarm by Check Point 20170910
Zoner 20170910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
ReversingLabs Taggant packer details
Validity
Valid taggant block

Full file hash
Valid

PKI chain
Valid

Packer Enigma Protector (5.70.0)
User
Validity Valid
Serial Number 250870DC7DBCCE6ABC050844593E1E51
SPV
Validity Valid
Serial Number 25AD5AE68C38AD1021086F4FFC8BA470
PE header basic information
Target machine x64
Compilation timestamp 2017-06-28 14:12:44
Entry Point 0x006D51DC
Number of sections 9
PE sections
PE imports
ImageList_ReplaceIcon
GetOpenFileNameW
IcmpCreateFile
WNetUseConnectionW
GetProcessMemoryInfo
DestroyEnvironmentBlock
IsThemeActive
InternetQueryDataAvailable
timeGetTime
WSACleanup
RegCloseKey
CreateFontA
GetProcAddress
GetModuleHandleA
ExitProcess
LoadLibraryA
CoTaskMemAlloc
SysFreeString
ShellExecuteA
MessageBoxA
GetFileVersionInfoA
Number of PE resources by type
RT_ICON 11
RT_STRING 7
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
English (British)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
571904

EntryPoint
0x6d51dc

MIMEType
application/octet-stream

TimeStamp
2017:06:28 15:12:44+01:00

FileType
Win64 EXE

PEType
PE32+

SubsystemVersion
5.2

OSVersion
5.2

FileOS
Win32

Subsystem
Windows GUI

MachineType
AMD AMD64

CodeSize
689664

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 28398c6e82468c4858d17060dc21b8d7
SHA1 e52c6e8c50601898e5b3cd1f6271a5d19b985ccf
SHA256 f53fa47763b9afdf9ef03c935c413e9c2969091142cd42584f33b0bef27362ca
ssdeep
98304:Y40m5t9dUuIBpTXPvc15p8g6qg+uHvMMyI119mLReR4V7R:JznIcf/tMn7ILT

authentihash c14a33a34ad2c2b206fa3590fb0bf3bb0dfdf9f63192aa23ce549ea5dd25a53c
imphash 4b3e3fa5f68b8d673be9265fe0da61e3
File size 4.1 MB ( 4319744 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI)

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
64bits peexe

VirusTotal metadata
First submission 2017-07-04 16:08:14 UTC ( 6 months, 2 weeks ago )
Last submission 2017-09-10 19:51:29 UTC ( 4 months, 1 week ago )
File names svchost.exe