jhsoft_pc_boosterauto.vshost.exe

Microsoft Visual Studio 2012

JH Software Private Limited

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed just to look like a legitimate Microsoft system file. The application jhsoft_pc_boosterauto.vshost.exe (file description “vshost32-clr2.exe”), by JH Software Private Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by JH Software Private Limited)

Product:
Microsoft® Visual Studio® 2012

Description:
vshost32-clr2.exe

Version:
11.0.50727.1

MD5:
58c3c5b72bc6cc1f35c07a67009ae2bf

SHA-1:
3ca03c9f48b8d74061b81a84affe1da8cf41efc2

SHA-256:
7b544b2b44ae71818bf786f2f9a176d56a9a061ae80c3b1a773414547e8cdae9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/22/2024 11:44:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.JHSoftwarePrivate (M)

Engine version:
16.1.9.6

File size:
12.3 KB (12,576 bytes)

Product version:
11.0.50727.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vshost32-clr2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\windows portable booster\video2mp3\jhsoft_pc_boosterauto.vshost.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/27/2014 9:00:00 PM

Valid to:
7/19/2015 8:59:59 PM

Subject:
CN=JH Software Private Limited, OU=IT, O=JH Software Private Limited, L=New Delhi, S=Delhi, C=IN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1EB0D774DCDE92063F522689F4040A38

File PE Metadata
Compilation timestamp:
7/26/2012 8:35:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:Lq7ixBDfWoA7W1fne0Fcou7+wse+PjPeQ+QfPfG:Io1fWd7WBn/fuSPLzW

Entry address:
0x2BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 40, 00, 00, D8, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D8, 03, 34, 00, 00, 00...
 

Entropy:
6.3756

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3 KB (3,072 bytes)
