vxhost.exe

windows media

The application vxhost.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address float.2091.bm-impbus.prod.lax1.adnexus.net on port 80 using the HTTP protocol.
Product:
windows media

Version:
1, 0, 0, 2

MD5:
d51de96d925f2f7c2809f880fbd63bee

SHA-1:
479b7983968db8beb813600f0a779aa9d2baf5cb

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
8/19/2018 6:25:56 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Tool.SquareNet.56 | 7.11.169.168 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150717 |
| Baidu Antivirus | Adware.Win32.SquareNet | 4.0.3.14828 |
| Dr.Web | Adware.Downware.8433 | 9.0.1.0198 |
| Emsisoft Anti-Malware | Application.Bundler.CG | 8.15.07.17.06 |
| ESET NOD32 | Win32/SquareNet (variant) | 8.10329 |
| F-Secure | Riskware.Application.Bundler.CG | 11.2015-17-07_6 |
| IKARUS anti.virus | PUA.Win32.SquareNet | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.SquareNet | 14.0.0.1724 |
| McAfee | Artemis!D51DE96D925F | 5600.7024 |
| McAfee Web Gateway | Heuristic.BehavesLike.Win32.Suspicious.H | 7.7024 |
| Microsoft Security Essentials | SoftwareBundler:Win32/SquareNet | 1.10904 |
| Norman | Application.Bundler.CG | 11.20150717 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.28.02 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.7.17.2 |
| Sophos | PUA 'Square Network Installer' (of type Adware) | 5.13 |

File size:
347 KB (355,328 bytes)

Product version:
1, 0, 0, 2

Copyright:
Copyright 2003

Original file name:
media.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\networkhosttask\vxhost.exe

File PE Metadata
Compilation timestamp:
8/28/2014 3:47:27 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:1Oll+fTjSJ1Zhf3imAtT2M8030GNx4c/SgAs6kD6LmEtGf8e/bGgGqCg:cH+fqJ1ZkmUqMbr4c/Szs6kD6RtGf8eX

Entry address:
0x2F2A1

Entry point:
E8, CF, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 9F, D3, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 90, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, EB, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, 59, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, B4, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...
 

Code size:
274 KB (280,576 bytes)

The executing file has been seen to make the following network communications in live environments.

