Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.8.9600.16384 4.48%
5.8.9600.16384 0.06%
5.8.9431.0 0.23%
5.8.9431.0 0.01%
5.8.9200.16384 2.57%
5.8.9200.16384 14.22%
5.8.8400.0 0.06%
5.8.8400.0 0.06%
5.8.8250.0 0.01%
5.8.8102.0 0.06%
5.8.7600.16385 25.27%
5.8.7600.16385 38.21%
5.8.7600.16385 0.01%
5.8.7600.16385 0.01%
5.8.7600.16385 5.31%
5.8.7600.16385 0.16%
5.8.7264.0 0.01%
5.7.0.18066 0.11%
5.7.0.18066 0.06%
5.7.0.18066 0.01%
5.7.0.18066 0.16%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.06%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA
kernel32.dll
GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetVersionExW, CreateFileMappingW, LoadLibraryExW, SetLastError, LoadResource, FindResourceExW, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, LoadLibraryW, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetUserDefaultLCID, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA
msvcrt.dll
DllMain
ole32.dll
CLSIDFromString, CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CoRegisterMessageFilter
user32.dll
GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeA

wscript.exe

Microsoft Windows Script Host by Microsoft

Remove wscript.exe
Version:   5.6.0.8820
MD5:   ab6b9e5131f93aa9b50f6ba3cc6ecf71
SHA1:   c3bf273c193847b7e84725bdb5afd98feb754945
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wscript.exe?

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.

About wscript.exe (from Microsoft)

Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit

Overview

wscript.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).

DetailsDetails

File name:wscript.exe
Publisher:Microsoft Corporation
Product name:Microsoft ® Windows Script Host
Description:Microsoft ® Windows Based Script Host
Typical file path:C:\Windows\System32\wscript.exe
Original name:wscript.exe.mui
File version:5.6.0.8820
Size:160 KB (163,840 bytes)
Build date:8/4/2004 9:01 AM
Digital DNA
PE subsystem:Windows GUI
Entropy:5.988827
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • vbefile
  • VBSFile
  • jsefile
  • JSFile
Scheduled tasks
  • The job '4804' runs on registration in the path '\4804'
  • The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
  • The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
  • The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
  • The job '4834' runs on registration in the path '\4834'
  • The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
  • The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • The job '4895' runs on registration in the path '\4895'
  • The task '4469' runs on registration in the path '\4469'
  • The task '4806' runs on registration in the path '\4806'
  • The job '4729' runs on registration in the path '\4729'
  • The task '4792' runs on registration in the path '\4792'
  • The task '4696' runs on registration in the path '\4696'
  • The task '4797' runs on registration in the path '\4797'
  • The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
  • The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • The job '4394' runs on registration in the path '\4394'
  • The task '4510' runs on registration in the path '\4510'
  • The task '4638' runs on registration in the path '\4638'
  • The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
  • 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
  • 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
  • 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 13.50%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 6.00%
Windows 8 5.50%
Windows 8 Single Language 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 2.00%
Windows Seven Black Edition 2.00%
Windows 8.1 N 1.50%

Distribution by countryDistribution by country

United States installs about 54.00% of Microsoft ® Windows Script Host.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 22.04%
ASUS 19.59%
Dell 17.96%
Toshiba 13.06%
Acer 11.02%
Lenovo 6.53%
Alienware 3.27%
Samsung 3.27%
Intel 3.27%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE