Author: hald1r
Subject: Mysterious svchost
Posted: 05 April 2013 at 2:48pm
It's definitely svchost.exe.
The path is C:\Windows\System32.\svchost.exe. This looks fine, but I have a reason to believe that the malicious executable code is injected within his allocated memory region. When I check this svchost with VMMap, I can find two 288K pieces of executable code that is not a DLL.
I'll check it further.
Thanks.
Subject: Mysterious svchost
Posted: 05 April 2013 at 2:48pm
It's definitely svchost.exe.
The path is C:\Windows\System32.\svchost.exe. This looks fine, but I have a reason to believe that the malicious executable code is injected within his allocated memory region. When I check this svchost with VMMap, I can find two 288K pieces of executable code that is not a DLL.
I'll check it further.
Thanks.