Jump to content

svchost.exe=rdphost.exe ?


aracopelli
 Share

Recommended Posts

Windows XP Home edition.sp3+

 

SVCHOST.EXE
MD5:27c6d03bcdb8cfeb96b716f3d8be3e18

SHA1:49083ae3725a0488e0a8fbbe1335c745f70c4667

crc32: 6ef02438
SHA-256:2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
SHA-512:1ea76bd898f96603f3aec695eb7bedcef8b4e1b27253ecb98035ac5ea42745c0da6b5523f8848cb0e6acb58710d8f2973368763e7b3895fa28d999552c9030d3
FULL PATH:C:\WINDOWS\system32\svchost.exe
MODIFIED:4/14/2008 5:42:38 AM
CREATED:8/23/2001 12:00:00 PM
FILE VERSION:5.1.2600.5512 (xpsp.080413-2111).

 

I recently caught this file doing some odd things and in researching through online armor it was referred to the "isthisfilesafe.com" site and analyzed..

The site analysis of the md5 and shai1 hashes has indicated that the file is "RDPHOST.EXE" but it also lists "SVCHOST.EXE" as the file name. Are these two names synonymous or does this indicate that perhaps the svchost.exe file has been compromised,replaced or infected? (It is not digitally signed)

You can go to www.isthisfilesafe.com*, insert the above md5  or SHA1 for the file search and you will see what I mean.

 

Your help,thoughts,or ideas are

appreciated..

*www.isthisfilesafe.com is an emsisoft site.

Link to comment
Share on other sites

The file mentioned here is most likely seen for the first time with file name rdphost.exe and was added to the isthisfilesafe database with that file name.

When you check the file on virustotal (and click 'Additional information') you'll see more file names for the same file.

The file is actually signed, you may check the signature with Sigcheck.










 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...