Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.8.9600.16384 4.48%
5.8.9600.16384 0.06%
5.8.9431.0 0.23%
5.8.9431.0 0.01%
5.8.9200.16384 2.57%
5.8.9200.16384 14.22%
5.8.8400.0 0.06%
5.8.8400.0 0.06%
5.8.8250.0 0.01%
5.8.8102.0 0.06%
5.8.7600.16385 25.27%
5.8.7600.16385 38.21%
5.8.7600.16385 0.01%
5.8.7600.16385 0.01%
5.8.7600.16385 5.31%
5.8.7600.16385 0.16%
5.8.7264.0 0.01%
5.7.0.18066 0.11%
5.7.0.18066 0.06%
5.7.0.18066 0.01%
5.7.0.18066 0.16%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.06%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA
kernel32.dll
GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetVersionExW, CreateFileMappingW, LoadLibraryExW, SetLastError, LoadResource, FindResourceExW, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, LoadLibraryW, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetUserDefaultLCID, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA
msvcrt.dll
DllMain
ole32.dll
CLSIDFromString, CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CoRegisterMessageFilter
user32.dll
GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeA

wscript.exe

Microsoft Windows Script Host by Microsoft

Remove wscript.exe
Version:   5.6.0.8820
MD5:   7c83dc774629435dbee1d45ed58101af
SHA1:   4442bd1a65ef33989e5d759d3ec1e7f3ce3ac7f6
SHA256:   a67f4afc7bc4f61dd87bb03a7de040bf6e2b793ce07492da6d200c4a8b436bb1
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wscript.exe?

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.

About wscript.exe (from Microsoft)

Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit

Overview

wscript.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).

DetailsDetails

File name:wscript.exe
Publisher:Microsoft Corporation
Product name:Microsoft ® Windows Script Host
Description:Microsoft ® Windows Based Script Host
Typical file path:C:\Windows\System32\wscript.exe
Original name:wscript.exe.mui
File version:5.6.0.8820
Size:112 KB (114,688 bytes)
Build date:8/4/2004 2:01 PM
Digital DNA
PE subsystem:Windows GUI
Entropy:5.988827
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • vbefile
  • VBSFile
  • jsefile
  • JSFile
Scheduled tasks
  • The job '4804' runs on registration in the path '\4804'
  • The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
  • The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
  • The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
  • The job '4834' runs on registration in the path '\4834'
  • The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
  • The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • The job '4895' runs on registration in the path '\4895'
  • The task '4469' runs on registration in the path '\4469'
  • The task '4806' runs on registration in the path '\4806'
  • The job '4729' runs on registration in the path '\4729'
  • The task '4792' runs on registration in the path '\4792'
  • The task '4696' runs on registration in the path '\4696'
  • The task '4797' runs on registration in the path '\4797'
  • The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
  • The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • The job '4394' runs on registration in the path '\4394'
  • The task '4510' runs on registration in the path '\4510'
  • The task '4638' runs on registration in the path '\4638'
  • The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
  • 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
  • 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
  • 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 13.50%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 6.00%
Windows 8 5.50%
Windows 8 Single Language 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 2.00%
Windows Seven Black Edition 2.00%
Windows 8.1 N 1.50%

Distribution by countryDistribution by country

United States installs about 54.00% of Microsoft ® Windows Script Host.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 22.04%
ASUS 19.59%
Dell 17.96%
Toshiba 13.06%
Acer 11.02%
Lenovo 6.53%
Alienware 3.27%
Samsung 3.27%
Intel 3.27%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE