wscript.exe
Microsoft Windows Script Host by Microsoft
Version: | 5.8.7600.16385 |
MD5: | d1ab72db2bedd2f255d35da3da0d4b16 |
SHA1: | 860265276b29b42b8c4b077e5c651def9c81b6e9 |
SHA256: | 047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is wscript.exe?
The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.
About wscript.exe (from Microsoft)
“Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit”
Overview
wscript.exe runs as a process with the local user's privileges, usually within the context of Windows Explorer. It is set to run when the PC boots and the user logs in to Windows (added to the Run registry key for the current user).
Details
File name: | wscript.exe |
Publisher: | Microsoft Corporation |
Product name: | Microsoft ® Windows Script Host |
Description: | Microsoft ® Windows Based Script Host |
Typical file path: | C:\Windows\System32\wscript.exe |
Original name: | wscript.exe.mui |
File version: | 5.8.7600.16385 |
Size: | 138.5 KB (141,824 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
Entropy: | 5.988827 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
Behaviors
Shell open commands
- vbefile
- VBSFile
- jsefile
- JSFile
Scheduled tasks
- The job '4804' runs on registration in the path '\4804'
- The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
- The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
- The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
- The job '4834' runs on registration in the path '\4834'
- The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
- The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
- The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
- The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
- The job '4895' runs on registration in the path '\4895'
- The task '4469' runs on registration in the path '\4469'
- The task '4806' runs on registration in the path '\4806'
- The job '4729' runs on registration in the path '\4729'
- The task '4792' runs on registration in the path '\4792'
- The task '4696' runs on registration in the path '\4696'
- The task '4797' runs on registration in the path '\4797'
- The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
- The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
- The job '4394' runs on registration in the path '\4394'
- The task '4510' runs on registration in the path '\4510'
- The task '4638' runs on registration in the path '\4638'
- The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
- 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
- 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
- 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
- Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
- Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
- Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
- 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"
Network connections
[TCP] 112-230-121-188.amsterdam.bgtn.net (188.121.230.112:1243)
[UDP] listens on port 59549
[UDP] listens on port 62202
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00118128% | |
Kernel CPU: | 0.00082452% | |
User CPU: | 0.00035676% | |
Kernel CPU time: | 1,031,017,473 ms/min | |
CPU cycles: | 6,749,765/sec | |
Context switches: | 9/sec | |
Memory |
Private memory: | 10.47 MB | |
Private (maximum): | 16.96 MB | |
Private (minimum): | 8.68 MB | |
Non-paged memory: | 10.47 MB | |
Virtual memory: | 110.58 MB | |
Virtual memory (peak): | 113.75 MB | |
Working set: | 12.27 MB | |
Working set (peak): | 17.01 MB | |
Page faults: | 3,689,480/min | |
I/O |
I/O read transfer: | 25.62 KB/sec | |
I/O read operations: | 253/sec | |
I/O write transfer: | 20.18 KB/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 27.13 KB/sec | |
I/O other operations: | 1,417/sec | |
Resource allocations |
Threads: | 11 | |
Handles: | 416 | |
GUI GDI count: | 11 | |
GUI GDI peak: | 13 | |
GUI USER count: | 8 | |
GUI USER peak: | 9 | |
Process properties
Integrity level: | Medium |
Platform: | 32-bit |
Command lines: |
- "C:\Windows\System32\wscript.exe" //b "C:\users\user\appdata\local\temp\tempsnippingtool.vbs"
- "C:\windows\svchost .exe" /C:vbscript.encode "C:\Program Files\common files\system\windows update\wxz.dat
|
Owner: | User |
Parent process: | explorer.exe (Windows Explorer by Microsoft Corporation) |
Threads
Averages
wscript.exe (main module) |
Total CPU: | 0.07735010% | |
Kernel CPU: | 0.04160124% | |
User CPU: | 0.03574886% | |
CPU cycles: | 1,912,575/sec | |
Context switches: | 3/sec | |
Memory: | 152 KB | |
ntdll.dll |
Total CPU: | 0.00313736% | |
Kernel CPU: | 0.00159512% | |
User CPU: | 0.00154224% | |
CPU cycles: | 290,442/sec | |
Context switches: | 1/sec | |
Memory: | 1.23 MB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium | 36.00% |
Windows 8.1 Pro | 13.50% |
Windows 7 Ultimate | 12.00% |
Windows 8.1 | 10.50% |
Windows 7 Professional | 6.00% |
Windows 8.1 Single Language | 6.00% |
Windows 8 | 5.50% |
Windows 8 Single Language | 3.00% |
Windows 8.1 Pro with Media Center | 2.00% |
Windows 8 Enterprise N | 2.00% |
Windows Seven Black Edition | 2.00% |
Windows 8.1 N | 1.50% |
Distribution by country
United States installs about 54.00% of Microsoft ® Windows Script Host.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Hewlett-Packard | 22.04% |
ASUS | 19.59% |
Dell | 17.96% |
Toshiba | 13.06% |
Acer | 11.02% |
Lenovo | 6.53% |
Alienware | 3.27% |
Samsung | 3.27% |
Intel | 3.27% |