How to remove svchost.exe
- File Details
- Overview
- Analysis
svchost.exe
The module svchost.exe has been detected as Trojan.CoinMiner
File Details
MD5: |
eedb9d86ae8abc65fa7ac7c6323d4e8f |
Size: |
1 MB |
First Published: |
2017-05-21 03:01:57 (7 years ago) |
Latest Published: |
2024-09-07 23:01:51 (a week ago) |
Status: |
Trojan.CoinMiner (on last analysis) |
|
Analysis Date: |
2024-09-07 23:01:51 (a week ago) |
%appdata%\nscpucnminer |
%appdata%\nsminer |
%appdata%\images |
%sysdrive%\windows.old\users\user\appdata\local\temp |
%sysdrive%\windows.old\users\user\appdata\local\microsoft\windows\inetcache\ie\6f9jyrv5 |
%windir%\temp |
%localappdata%\temp |
%profile%\дминистратор\application data\nscpucnminer |
%sysdrive%\system volume information\_restore{ffc538ad-d1e5-4fce-aac6-3cf2f795ddd4}\rp4 |
%system%\config\systemprofile\appdata\roaming\nscpucnminer |
NsCpuCNMiner64.exe |
svchost.exe |
svchost[1].exe |
NsCpuCNMiner64.exe.quarantined |
A0010030.exe |
svchost[2].exe |
NSCPUCNMINER64.del |
$RBRFTIZ.exe |
$RCCXVJA.exe |
$RYQQE7D.exe |
$RW1MF4I.exe |
trz1F7.tmp |
trz476.tmp |
trzAD80.tmp |
trzA6CA.tmp |
trz9F2C.tmp |
trz7805.tmp |
trz10B5.tmp |
trz93B7.tmp |
trz285.tmp |
trzAB7D.tmp |
trz87F7.tmp |
trz1891.tmp |
trz5D5E.tmp |
trzA778.tmp |
trz9914.tmp |
trz1559.tmp |
trz126B.tmp |
trz6C8.tmp |
trzAE1C.tmp |
$RLV564L.exe |
|
40.4% |
|
|
21.5% |
|
|
7.4% |
|
|
2.7% |
|
|
2.7% |
|
|
2.5% |
|
|
2.1% |
|
|
1.3% |
|
|
1.1% |
|
|
1.1% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
0.8% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.6% |
|
|
0.6% |
|
|
0.5% |
|
|
0.5% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
Windows 7 |
61.0% |
|
Windows 10 |
14.5% |
|
Windows 8.1 |
7.0% |
|
Windows 8 |
5.0% |
|
Windows XP |
4.5% |
|
Windows Server 2003 |
2.7% |
|
Windows Server 2012 R2 |
2.6% |
|
Windows Server 2008 R2 |
1.7% |
|
Windows Vista |
0.7% |
|
Windows Server 2012 |
0.2% |
|
Windows MultiPoint Server 2011 |
0.1% |
|
Windows Embedded 8.1 |
0.1% |
|
Analysis
Subsystem: |
Windows CUI |
PE Type: |
pe |
OS Bitness: |
64 |
Image Base: |
0x0000000140000000 |
Entry Address: |
0x0032228a |
Name |
Size of data |
MD5 |
.text |
0 |
00000000000000000000000000000000 |
.rdata |
0 |
00000000000000000000000000000000 |
.data |
0 |
00000000000000000000000000000000 |
.pdata |
0 |
00000000000000000000000000000000 |
.tls |
512 |
bf619eac0cdf3f68d496ea9344137e8b |
.vmp0 |
0 |
00000000000000000000000000000000 |
.vmp1 |
1560064 |
e4b26de66646852de5d3c97a699968e4 |
.reloc |
512 |
7e569fdc635b45697a6d09da75d98538 |
.rsrc |
1024 |
3dcf3c3353f25ca2b635ee2443c17970 |