How malicious files pose as legit files?

I know that sometimes malicious files assume the same file name as a legit file. But would that malicious file be in the same location as the legit file?

example
a malicious file goes by
svchost.exe
would it also hide itself in
C:/Windows/system32

so there would be 2(legit and malicious) in the same location?
Or would the malicious one hide elsewhere?