ScriptHost.dll

Add-ons Framework

We Code Good Inc.

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The module ScriptHost.dll by We Code Good has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Smiley Bar for Facebook by Status Winks, which is a potentially unwanted software program. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
Status Winks  (signed by We Code Good Inc.)

Product:
Add-ons Framework

Description:
ScriptHost

Version:
0.9.5.6

MD5:
7828d90cbbb5ee36e60ce7d40603ae6d

SHA-1:
064a0d61492c221b6bfd06583f630f44ce972a8e

SHA-256:
1d83e0e35a1760c4f30211a3ceabe3980770c9671bf8f2065c7982a4f23cdc9f

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Besttoolbars Add-on framework for Internet Explorer, Chrome and Firefox.

Analysis date:
4/23/2024 2:52:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Drop.Softomat.AN | 7.11.147.26 |
| ESET NOD32 | Win32/Toolbar.Besttoolbars (variant) | 9.9190 |
| Reason Heuristics | Plugin.Besttoolbars.Performersoft | 15.3.27.3 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9779 |
| VIPRE Antivirus | InstallBrain | 21738 |

File size:
373.3 KB (382,264 bytes)

Product version:
1.0.1.0

Copyright:
Besttoolbars Inc. All rights reserved.

Original file name:
ScriptHost.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\smiley bar for facebook\scripthost.dll

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/1/2012 4:20:37 PM

Valid to:
11/1/2015 4:20:37 PM

Subject:
CN=We Code Good Inc., O=We Code Good Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EEF3A85620395

File PE Metadata
Compilation timestamp:
5/24/2013 5:42:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:PwoBTY/RRMnJIrk8DRYH20Di3O2u/KT3Qxl8Ao4UrQ9/UcvAEZixHJTD2+e:oETWRRWJck+OHJDAO2u/KT3Qxl8AzAQb

Entry address:
0x34054

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 8E, 6B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 08, 68, 10, 27, 05, 10, E8, 8D, 00, 00, 00, E8, 1B, 15, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 51, 5E, 00, 00, E8, A6, 00, 00, 00, C3, E8, EE, 14, 00, 00, 8B, 40, 7C, 85, C0, 74, 02, FF, D0, E9, B4, FF, FF, FF, 6A, 08, 68, 30, 27, 05, 10, E8, 41, 00, 00, 00, FF, 35, 94, 77, 05...
 

Entropy:
6.3065

Code size:
275.5 KB (282,112 bytes)

The file ScriptHost.dll has been discovered within the following program.

Smiley Bar for Facebook  by Status Winks
Smiley Bar for Facebook installs the "Monetization Platform", which is designed to show context based advertisements in your web browsers.
www.statuswinks.com
79% remove it
 