Windows XP Home edition.sp3+
SVCHOST.EXE MD5:27c6d03bcdb8cfeb96b716f3d8be3e18 SHA1:49083ae3725a0488e0a8fbbe1335c745f70c4667 crc32: 6ef02438 SHA-256:2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5 SHA-512:1ea76bd898f96603f3aec695eb7bedcef8b4e1b27253ecb98035ac5ea42745c0da6b5523f8848cb0e6acb58710d8f2973368763e7b3895fa28d999552c9030d3 FULL PATH:C:\WINDOWS\system32\svchost.exe MODIFIED:4/14/2008 5:42:38 AM CREATED:8/23/2001 12:00:00 PM FILE VERSION:5.1.2600.5512 (xpsp.080413-2111).
I recently caught this file doing some odd things and in researching through online armor it was referred to the "isthisfilesafe.com" site and analyzed..
The site analysis of the md5 and shai1 hashes has indicated that the file is "RDPHOST.EXE" but it also lists "SVCHOST.EXE" as the file name. Are these two names synonymous or does this indicate that perhaps the svchost.exe file has been compromised,replaced or infected? (It is not digitally signed)
You can go to www.isthisfilesafe.com*, insert the above md5 or SHA1 for the file search and you will see what I mean.
Your help,thoughts,or ideas are
*www.isthisfilesafe.com is an emsisoft site.