» vxhost.exe
Overview
Analysis
File Details
Network (257)

vxhost.exe

windows media

The application vxhost.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address float.2091.bm-impbus.prod.lax1.adnexus.net on port 80 using the HTTP protocol.

File name:

vxhost.exe

Product:

windows media

Version:

1, 0, 0, 2

MD5:

d51de96d925f2f7c2809f880fbd63bee

SHA-1:

479b7983968db8beb813600f0a779aa9d2baf5cb

Scanner detections:

15 / 68

Status:

Potentially unwanted

Analysis date:

5/14/2024 4:05:12 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Tool.SquareNet.56

7.11.169.168

avast!

Win32:Dropper-gen [Drp]

2014.9-150717

Baidu Antivirus

Adware.Win32.SquareNet

4.0.3.14828

Dr.Web

Adware.Downware.8433

9.0.1.0198

Emsisoft Anti-Malware

Application.Bundler.CG

8.15.07.17.06

ESET NOD32

Win32/SquareNet (variant)

8.10329

F-Secure

Riskware.Application.Bundler.CG

11.2015-17-07_6

IKARUS anti.virus

PUA.Win32.SquareNet

t3scan.1.7.5.0

Kaspersky

not-a-virus:RiskTool.Win32.SquareNet

14.0.0.1724

McAfee

Artemis!D51DE96D925F

5600.7024

Microsoft Security Essentials

SoftwareBundler:Win32/SquareNet

1.10904

Norman

Application.Bundler.CG

11.20150717

Panda Antivirus

Trj/Genetic.gen

14.08.28.02

Reason Heuristics

Threat.Win.Reputation.IMP

15.7.17.2

Sophos

PUA 'Square Network Installer' (of type Adware)

5.13

File size:

347 KB (355,328 bytes)

Product version:

1, 0, 0, 2

Original file name:

media.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Application data\networkhosttask\vxhost.exe

File PE Metadata

Compilation timestamp:

8/28/2014 3:47:27 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:1Oll+fTjSJ1Zhf3imAtT2M8030GNx4c/SgAs6kD6LmEtGf8e/bGgGqCg:cH+fqJ1ZkmUqMbr4c/Szs6kD6RtGf8eX

Entry address:

0x2F2A1

Entry point:

E8, CF, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 9F, D3, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 90, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, EB, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, 59, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, B4, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8... 
[+]

Code size:

274 KB (280,576 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-84-148-104.compute-1.amazonaws.com (54.84.148.104:80)

TCP (HTTP):

Connects to vip-112.lax.adconion.com (207.171.14.112:80)

TCP (HTTP):

Connects to float.1383.bm-impbus.prod.nym2.adnexus.net (68.67.152.79:80)

TCP (HTTP):

Connects to ec2-107-20-174-234.compute-1.amazonaws.com (107.20.174.234:80)

TCP (HTTP):

Connects to 208.43.234.241-static.reverse.softlayer.com (208.43.234.241:80)

TCP (HTTP SSL):

Connects to vip2-public.stripe.com (50.18.187.106:443)

TCP (HTTP):

Connects to v-5-509-d3705-09.webazilla.com (88.85.90.9:80)

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.10:80)

TCP (HTTP):

Connects to s-prd-ads01-adcom_nwa_blue.evip.aol.com (149.174.67.65:80)

TCP (HTTP):

Connects to sl-ads-default-adcom-mtc.evip.aol.com (64.12.68.35:80)

TCP (HTTP SSL):

Connects to server-54-230-71-2.sea50.r.cloudfront.net (54.230.71.2:443)

TCP (HTTP SSL):

Connects to server-54-230-70-125.sea50.r.cloudfront.net (54.230.70.125:443)

TCP (HTTP SSL):

Connects to server-54-230-69-86.sea50.r.cloudfront.net (54.230.69.86:443)

TCP (HTTP SSL):

Connects to server-54-230-69-65.sea50.r.cloudfront.net (54.230.69.65:443)

TCP (HTTP):

Connects to server-54-230-143-77.sfo5.r.cloudfront.net (54.230.143.77:80)

TCP (HTTP):

Connects to server-54-230-142-249.sfo5.r.cloudfront.net (54.230.142.249:80)

TCP (HTTP):

Connects to server-54-230-142-201.sfo5.r.cloudfront.net (54.230.142.201:80)

TCP (HTTP):

Connects to server-54-230-142-125.sfo5.r.cloudfront.net (54.230.142.125:80)

TCP (HTTP):

Connects to server-54-192-123-59.dfw50.r.cloudfront.net (54.192.123.59:80)

TCP (HTTP):

Connects to server-54-192-122-98.dfw50.r.cloudfront.net (54.192.122.98:80)

Remove vxhost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.