ScriptHost.dll

Add-ons Framework

Alawar

The module ScriptHost.dll has been detected as adware by 15 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Game BOX’.

Publisher:
Alawar

Product:
Add-ons Framework

Description:
ScriptHost

Version:
1.0.11.18

MD5:
04b05b22000641e0d4d3f2df19d5eae7

SHA-1:
9033bdf8f6e2ac0a71ab98a62619b7090684af61

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Part of the Besttoolbars Add-on framework for Internet Explorer, Chrome and Firefox.

Analysis date:
4/23/2024 8:59:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.Agent | 7.1.1 |
| Baidu Antivirus | Adware.Win32.Besttoolbars | 4.0.3.1584 |
| Dr.Web | Adware.BGuard.90 | 9.0.1.0216 |
| ESET NOD32 | Win32/Toolbar.Besttoolbars (variant) | 9.10396 |
| IKARUS anti.virus | PUA.Toolbar.Besttoolbars | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.207.16714 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 14.0.0.1633 |
| Malwarebytes | PUP.Optional.BestToolBars.A | v2015.08.04.09 |
| McAfee | Artemis!04B05B220006 | 5600.6684 |
| NANO AntiVirus | Trojan.Win32.Toolbar.deiqbl | 0.28.2.61942 |
| Panda Antivirus | Generic Suspicious | 15.08.04.09 |
| Reason Heuristics | PUP.Besttoolbars.Alawar (M) | 15.8.4.9 |
| Sophos | Generic PUA JA | 4.98 |
| VIPRE Antivirus | Besttoolbars | 27656 |
| Zillya! Antivirus | Adware.Agent.Win32.42894 | 2.0.0.2319 |

File size:
428.5 KB (438,784 bytes)

Product version:
1.4.0.0

Copyright:
Besttoolbars Inc. All rights reserved.

Original file name:
ScriptHost.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\game box\scripthost.dll

Registration
CLSIDs:
{4751C3C7-3353-4F2E-AD9B-4A058C037D85}, {E33FF41E-53CB-4D93-885A-FFEFA04CD804}

ProgIDs:
Game BOX.Tool.1, Game BOX.ScriptHostObject.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/21/2013 11:07:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:83R5FHmasUbOKReNp8Gna1zH4GHs7cxZBEynwgFhuDhhFgLBY2T7r:8BXHm6bdRerrSH4GHs7cxXHnwg6Dhy

Entry address:
0x3E64A

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 86, 6B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 58, FE, 05, 10, E8, A7, 1C, 00, 00, 6A, 0E, E8, 75, 6D, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 1C, 5F, 06, 10, BA, 18, 5F, 06, 10, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 5C, DE, FF, FF, 59, FF, 76, 04, E8, 53, DE, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00...
 

Code size:
319 KB (326,656 bytes)

Internet Explorer BHO
CLSID:
{E33FF41E-53CB-4D93-885A-FFEFA04CD804}

CLSID name:
Game BOX

