wscript.exe
Microsoft Windows Script Host by Microsoft
Version: | 5.7.0.16599 |
MD5: | 880726cacac2696236e87b122fa3cd09 |
SHA1: | 00c6661a3fc4fc981ae323e440c5b43d4208cd2a |
SHA256: | f13c8ef65cd23c11d742cb1ff6d174eea2ada38fcb325a8f2a8fac3f77e2fe73 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is wscript.exe?
The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.
About wscript.exe (from Microsoft)
“Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit”
Overview
wscript.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).
Details
File name: | wscript.exe |
Publisher: | Microsoft Corporation |
Product name: | Microsoft ® Windows Script Host |
Description: | Microsoft ® Windows Based Script Host |
Typical file path: | C:\Windows\System32\wscript.exe |
Original name: | wscript.exe.mui |
File version: | 5.7.0.16599 |
Size: | 152 KB (155,648 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
Entropy: | 5.988827 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Shell open commands
- vbefile
- VBSFile
- jsefile
- JSFile
Scheduled tasks
- The job '4804' runs on registration in the path '\4804'
- The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
- The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
- The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
- The job '4834' runs on registration in the path '\4834'
- The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
- The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
- The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
- The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
- The job '4895' runs on registration in the path '\4895'
- The task '4469' runs on registration in the path '\4469'
- The task '4806' runs on registration in the path '\4806'
- The job '4729' runs on registration in the path '\4729'
- The task '4792' runs on registration in the path '\4792'
- The task '4696' runs on registration in the path '\4696'
- The task '4797' runs on registration in the path '\4797'
- The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
- The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
- The job '4394' runs on registration in the path '\4394'
- The task '4510' runs on registration in the path '\4510'
- The task '4638' runs on registration in the path '\4638'
- The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
- 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
- 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
- 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
- Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
- Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
- Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium |
36.00% |
|
Windows 8.1 Pro |
13.50% |
|
Windows 7 Ultimate |
12.00% |
|
Windows 8.1 |
10.50% |
|
Windows 7 Professional |
6.00% |
|
Windows 8.1 Single Language |
6.00% |
|
Windows 8 |
5.50% |
|
Windows 8 Single Language |
3.00% |
|
Windows 8.1 Pro with Media Center |
2.00% |
|
Windows 8 Enterprise N |
2.00% |
|
Windows Seven Black Edition |
2.00% |
|
Windows 8.1 N |
1.50% |
|
Distribution by country
United States installs about 54.00% of Microsoft ® Windows Script Host.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Hewlett-Packard |
22.04% |
|
ASUS |
19.59% |
|
Dell |
17.96% |
|
Toshiba |
13.06% |
|
Acer |
11.02% |
|
Lenovo |
6.53% |
|
Alienware |
3.27% |
|
Samsung |
3.27% |
|
Intel |
3.27% |
|