» pchealthboost.vshost.exe
Overview
Analysis
File Details

pchealthboost.vshost.exe

Microsoft Visual Studio 2010

Boost Software Inc

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application pchealthboost.vshost.exe by Boost Software Inc has been detected as a potentially unwanted program by 3 anti-malware scanners.

File name:

Publisher:

Microsoft Corporation (signed by Boost Software Inc)

Product:

Microsoft (R) Visual Studio (R) 2010

Description:

vshost-clr2.exe

Version:

10.0.30319.1

MD5:

2bbfaa8c6141a3fb8f97986b0b05c74f

SHA-1:

82b9b8e49fde75f62b2495db9acbb7e1f21e9849

SHA-256:

31443ec7913e6cb14268bd425589a28a90b0e27461b4a1e957aa3e21624167ba

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 1:19:25 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

riskware program Program.Unwanted.733

9.0.1.016

G Data

Win32.Application.PCHealthBoost

16.1.25

Reason Heuristics

Win32.Generic

16.1.16.0

File size:

11.9 KB (12,144 bytes)

Product version:

10.0.30319.1

Original file name:

vshost-clr2.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\pc healthboost\pchealthboost.vshost.exe

Digital Signature

Signed by:

Boost Software Inc

Authority:

VeriSign, Inc.

Valid from:

3/21/2012 7:00:00 PM

Valid to:

3/22/2013 6:59:59 PM

Subject:

CN=Boost Software Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Boost Software Inc, L=Boston, S=Massachusetts, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7F6864EF9E0BF8DE63BCE3FFF21CA176

File PE Metadata

Compilation timestamp:

3/18/2010 6:02:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:VHU+SwxBUW9sWunYe+PjPMrJqjdaK+v238r9ZCspE+TM4r3Xbq63/:yu2W9sWunYPLhj8meM0Xbqs

Entry address:

0x2A6E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1887

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

3 KB (3,072 bytes)

Remove pchealthboost.vshost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.