oneclickroot.vshost.exe

Microsoft Visual Studio 2013

Simple Leads LLC

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application oneclickroot.vshost.exe by Simple Leads has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by Simple Leads LLC)

Product:
Microsoft® Visual Studio® 2013

Description:
vshost32.exe

Version:
12.0.21005.1

MD5:
cda4dfa30d4d7a802745d9826e750b92

SHA-1:
e616e88a342f0fd19e1c4824ff8e950d01fb4a19

SHA-256:
aa6afdb3d357785592afc19355a31ac500a15b5680e0f9719fa763dd2f9493ac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 4:10:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.9.22

File size:
14.3 KB (14,680 bytes)

Product version:
12.0.21005.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vshost32.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\one click root\one click root\oneclickroot.vshost.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/29/2014 10:00:00 PM

Valid to:
2/19/2016 10:00:00 AM

Subject:
CN=Simple Leads LLC, O=Simple Leads LLC, L=New Rochelle, S=New York, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0C438EAA28B2E092DF60468F68134025

File PE Metadata
Compilation timestamp:
10/5/2013 3:05:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:j1hOcNxBcGPYmZWmBW3ci/nYe+PjP6jO1HRGsNB5yZZ3xN5BdFo7J7K:d3LPZZWmBWMMnYPL6jO1HRf3yZZvjk7K

Entry address:
0x305E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.5 KB (4,608 bytes)

Remove oneclickroot.vshost.exe - Powered by Reason Core Security