vxhost.exe

vm file module

The application vxhost.exe has been detected as a potentially unwanted program by 6 anti-malware scanners.
Product:
vm file module

Version:
1, 0, 0, 1

MD5:
77e2f0f9ddaff40b2bbace6652492a4f

SHA-1:
d3c9eaaa04ed3015e4a39639935fc7b3f4914d3e

SHA-256:
3cbae2a81d0326236fe0e5be0da908a33dc7b40b4c027de1cc24549557060a9d

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 3:48:55 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.SquareNet | 4.0.3.14823
Dr.Web | Adware.Mutabaha.66 | 9.0.1.0235
ESET NOD32 | Win32/SquareNet (variant) | 8.10302
IKARUS anti.virus | PUA.Win32.SquareNet | t3scan.1.7.5.0
Malwarebytes | PUP.Optional.SquareNet | v2014.08.23.04
Sophos | Square Network Installer | 4.98

File size:
346 KB (354,304 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2003

Original file name:
vmfile.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\networkhosttask\vxhost.exe

File PE Metadata
Compilation timestamp:
8/23/2014 3:49:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:5QuL19R002LtTY4an8+SoR4OIGbuxSEnPLbWmmI5iLPk6CU5G/Rv:KuL1w02L1an8+BpbuxSEnPum/5irk6CP

Entry address:
0x2EF01

Entry point:
E8, D0, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, A3, D3, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 90, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, EB, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, 59, 22, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, B4, D7, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...

Entropy:
6.4704

Code size:
273 KB (279,552 bytes)

The executing file has been seen to make the following network communications in live environments.

