home

warningpopup.vshost.exe

Microsoft Visual Studio 2012

JH Software Private Limited

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application warningpopup.vshost.exe by JH Software Private Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by JH Software Private Limited)

Product:
Microsoft® Visual Studio® 2012

Description:
vshost-clr2.exe

Version:
11.0.50727.1

MD5:
23540aea57559233ef3afd713ff61f1b

SHA-1:
9e24dea14928aae56d825bb9a6e8a2f6b0a575a9

SHA-256:
f845b96f58441eebef9e6418ff04959de2849bae506e270f24ee45029371eb04

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 9:37:27 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.JHSoftwarePrivate (M)
15.12.20.7

File size:
12.3 KB (12,576 bytes)

Product version:
11.0.50727.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vshost-clr2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\portable booster [microsoft]\warningpopup.vshost.exe

Digital Signature
Signed by:
JH Software Private Limited

Authority:
Thawte, Inc.

Valid from:
7/27/2014 8:00:00 PM

Valid to:
7/19/2015 7:59:59 PM

Subject:
CN=JH Software Private Limited, OU=IT, O=JH Software Private Limited, L=New Delhi, S=Delhi, C=IN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1EB0D774DCDE92063F522689F4040A38

File PE Metadata
Compilation timestamp:
7/26/2012 7:35:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:Z4SjdxBUhlWHbaW1mne0Fcou7+wse+PjPeQ+Qfnnciu63:ZbejW7aWQn/fuSPLznncU

Entry address:
0x2BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 40, 00, 00, C8, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C8, 03, 34, 00, 00, 00...
 
[+]

Entropy:
6.3699

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3 KB (3,072 bytes)

Remove warningpopup.vshost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.