home

windesk winsearch.vshost.exe

Microsoft Visual Studio 2012

PC Software

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application windesk winsearch.vshost.exe by PC Software has been detected as a potentially unwanted program by 3 anti-malware scanners. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Microsoft Corporation  (signed by PC Software)

Product:
Microsoft® Visual Studio® 2012

Description:
vshost32.exe

Version:
11.0.50727.1

MD5:
faeef5c4a44b9d1982fc301aa356714d

SHA-1:
8eb3559c591d7e445b4f0dc7038f40c6b9aa4ed7

SHA-256:
fcfc69cd415c15d7b62c092e1165d65f1f7990a4dfead835501d7cdae2b33440

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/6/2024 5:35:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PCSoftware (M)
16.1.15.0

Trend Micro House Call
Suspicious_GEN.F47V0116
7.2.153

VIPRE Antivirus
InstallMonetizer
37580

File size:
13.6 KB (13,920 bytes)

Product version:
11.0.50727.1

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vshost32.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\windeskwinsearch\windesk winsearch.vshost.exe

Digital Signature
Signed by:
PC Software

Authority:
COMODO CA Limited

Valid from:
9/9/2014 7:00:00 PM

Valid to:
9/10/2015 6:59:59 PM

Subject:
CN=PC Software, O=PC Software, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FFFC8D338C67107439C065EF8036902F

File PE Metadata
Compilation timestamp:
7/26/2012 6:35:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:RehycfxBcjEPYmdW1+BW1qyMrj6ssEZg2aAbbhXH87uGauospvxS7ioL:wpgEPZdWIBWHMCs5u0riS7iK

Entry address:
0x305E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3465

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.5 KB (4,608 bytes)

Remove windesk winsearch.vshost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.