vxhost.exe

windows player

The application vxhost.exe has been detected as a potentially unwanted program by 14 anti-malware scanners.
Product:
windows player

Version:
1, 0, 0, 3

MD5:
bce74e77eb848b8a4b829440b00817bd

SHA-1:
646fb17af87e6faff1815efee412c26d8e44f93a

SHA-256:
6fce5745281c46094eb5fb68ea6aeeeb68a07dffd527882da676a81f1f056473

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:33:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.154396 | 840 |
| AhnLab V3 Security | PUP/Win32.Generic | 2014.10.17 |
| Avira AntiVirus | TR/Graftor.154396 | 7.11.179.8 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141017 |
| Baidu Antivirus | Adware.Win32.SquareNet | 4.0.3.141017 |
| Bitdefender | Gen:Variant.Graftor.154396 | 1.0.20.1450 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.154396 | 8.14.10.17.12 |
| ESET NOD32 | Win32/SquareNet (variant) | 8.10575 |
| Fortinet FortiGate | Riskware/SquareNet | 10/17/2014 |
| F-Secure | Gen:Variant.Graftor.154396 | 11.2014-17-10_6 |
| G Data | Gen:Variant.Graftor.154396 | 14.10.24 |
| IKARUS anti.virus | PUA.SquareNet | t3scan.1.7.8.0 |
| McAfee | Artemis!BCE74E77EB84 | 5600.6974 |
| MicroWorld eScan | Gen:Variant.Graftor.154396 | 15.0.0.870 |

File size:
348.5 KB (356,864 bytes)

Product version:
1, 0, 0, 3

Copyright:
Copyright 2003

Original file name:
player.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\kadefendersvctask\vxhost.exe

File PE Metadata
Compilation timestamp:
10/16/2014 3:08:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:c6lKv/6ixRHuNLM9DZ6/FpWBF8p0wUhnWytUC+H+VEqLwkYq15fMzKHS+:JlKX6iHuN+Z6dpgdwUhnWyh+H+VEqMqP

Entry address:
0x2FB59

Entry point:
E8, 3C, B0, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 6F, D0, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 2E, 27, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, B3, D4, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, F7, 26, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 7C, D4, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...
 

Entropy:
6.4735

Code size:
275 KB (281,600 bytes)

The executing file has been seen to make the following network communications in live environments.

