vxhost.exe

The application vxhost.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address li45-152.members.linode.com on port 80 using the HTTP protocol.
Version:
1, 0, 0, 4

MD5:
bb9a0743a97d9e165e99fa9bf7d0c64a

SHA-1:
1eb22698c95202f79158f163026bdf7b33474aa3

SHA-256:
c073ece602df5fc3a0744459c0afce341c1bbeeb52178f7f2024704d43f24bb8

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 4:17:26 PM UTC

Scan engine              Detection                                             Engine version
Lavasoft Ad-Aware        Gen:Variant.Graftor.154396                            836
avast!                   Win32:Dropper-gen [Drp]                               141003-0
Baidu Antivirus          Adware.Win32.SquareNet                                4.0.3.141022
Bitdefender              Gen:Variant.Graftor.154396                            1.0.20.1475
Emsisoft Anti-Malware    Gen:Variant.Graftor.154396                            14.10.22
ESET NOD32               Win32/SquareNet.D potentially unwanted application    7.0.302.0
F-Secure                 Gen:Variant.Graftor.154396                            11.2014-22-10_4
G Data                   Gen:Variant.Graftor.154396                            14.10.24
IKARUS anti.virus        PUA.SquareNet                                         t3scan.1.7.8.0
MicroWorld eScan         Gen:Variant.Graftor.154396                            15.0.0.885

File size:
351 KB (359,424 bytes)

Product version:
1, 0, 0, 4

Copyright:
Copyright 2003

Original file name:
manager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\networkhosttask\vxhost.exe

File PE Metadata
Compilation timestamp:
10/22/2014 10:14:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:nIiOIBohF8oNW5WUHMyU6okT1fa8FIJurkZI+I2eLy5KixMcZ:IijBy+oNJUHMddkZFIcrkZI+IvO5Kixd

Entry address:
0x30729

Entry point:
E8, 98, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 36, CC, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 02, 24, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 73, D0, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, CB, 23, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 3C, D0, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...

Entropy:
6.4736

Code size:
277.5 KB (284,160 bytes)

The executing file has been seen to make the following network communications in live environments.
