Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)
PE file structure |
Import table
msvcrt.dll
DllMain
svchost.exe
MD5: | d38aeeda5d1638e25715a2b67d44ba7d |
SHA1: | 5d3e7db9c99f8e2672d44c66739483eebef94c5a |
SHA256: | 50a4463e5ddbdfad509c8dd5dbca0858486b8c9af6ae2b89d463b937a582cf53 |
Warning: 5 antivirus scanners have detected malware.
Overview
svchost.exe is malware that executes as a process with the local user's privileges. It is installed with a couple of known programs, including Windows Internet Explorer 8 published by Microsoft Corporation and Bitcoin published by Bitcoin project.
Details
File name: | svchost.exe |
Typical file path: | C:\ProgramData\adob\svchost.exe |
Size: | 6.33 MB (6,639,870 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | Yes |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
Programs
The following programs will install this file
“Bitcoin uses peer-to-peer technology to operate with no central authority; managing transactions and the issuing of bitcoins is carried out collectively by the network. Through many of its unique properties, Bitcoin allows exciting uses that could not be covered by any previous payment systems. As a new user, you only need to choose a wallet that you will install on your computer or on your mobile phone. Once you have your wallet instal...”
Windows IE8 (Internet Explorer 8) is a web browser from Microsoft. IE8 contains many new features, including WebSlices and Accelerators (Accelerators are a form of selection-based search which allow a user to invoke an online service from any other page using only the mouse). The address bar features domain highlighting for added security so that the top-level domain is shown in black whereas the other parts of the URL are grayed out. I...
Network connections
[TCP] gb12.superseedbox.co.uk (94.23.216.171:8887)
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Emsisoft Anti-Malware | 3.0.0.583 | Trojan.Win32.CoinMiner (A) |
ESET NOD32 | 7.8564 | Win32/BitCoinMiner.V |
Malwarebytes | 1.75.0.1 | Trojan.BitCoinMiner |
Symantec | 20131.1.0.101 | WS.Reputation.1 |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V0612 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00170369% |
Kernel CPU: | 0.00131578% |
User CPU: | 0.00038791% |
Kernel CPU time: | 857,537,497 ms/min |
Context switches: | 119/sec |
Memory |
Private memory: | 78.35 MB |
Private (maximum): | 54.85 MB |
Private (minimum): | 29.74 MB |
Non-paged memory: | 78.35 MB |
Virtual memory: | 178.02 MB |
Virtual memory (peak): | 181.77 MB |
Working set: | 30.19 MB |
Working set (peak): | 54.96 MB |
Resource allocations |
Threads: | 7 |
Handles: | 2748 |
GUI GDI count: | 4 |
GUI GDI peak: | 6 |
GUI USER count: | 3 |
GUI USER peak: | 3 |
Process properties
Integrity level: | Medium |
Platform: | 64-bit |
Command line: | "C:\users\user\appdata\roaming\activex\svchost.exe" |
Owner: | User |
Distribution by Windows OS
OS version | Distribution |
Windows 7 Ultimate | 100.00% |
Distribution by country
Argentina installs about 50.00% of svchost.exe.
Distribution by PC manufacturer
PC manufacturer | Distribution |
ASUS | 66.67% |
GIGABYTE | 33.33% |