signature-base icon indicating copy to clipboard operation
signature-base copied to clipboard

Published 20 hours ago verified publisher icon Neo23x0

False positive Suspicious_Size_svchost_exe

Open jathias-i2s opened this issue 6 years ago • 1 comments

[WARNING] FILE: C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.17134.556_none_975be06a5b67a894\svchost.exe SCORE: 60 TYPE: EXE SIZE: 85472 FIRST_BYTES: 4d5a90000300000004000000ffff0000b8000000 / MZ MD5: 0861726716c9610ce5f6bcf3f4858da1 SHA1: c02ec813b2e6cba92e1c72376850737df204d4c5 SHA256: 29f04d5f4b8d798038cb9647178a8b9c68e16dc50da850937f6e993fc7967b75 CREATED: Sun Jan 20 16:29:31 2019 MODIFIED: Sun Jan 20 16:29:31 2019

REASON_1: Yara Rule MATCH: Suspicious_Size_svchost_exe SUBSCORE: 60 DESCRIPTION: Detects uncommon file size of svchost.exe REF: -

jathias-i2s avatar Feb 19 '19 09:02 jathias-i2s

fixed https://github.com/Neo23x0/signature-base/commit/0448d97e8f6f4ccd73c5654d6ff9b03cf181442f ?

wesinator avatar Jun 03 '19 13:06 wesinator