Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.8.9600.16384 4.48%
5.8.9600.16384 0.06%
5.8.9431.0 0.23%
5.8.9431.0 0.01%
5.8.9200.16384 2.57%
5.8.9200.16384 14.22%
5.8.8400.0 0.06%
5.8.8400.0 0.06%
5.8.8250.0 0.01%
5.8.8102.0 0.06%
5.8.7600.16385 25.27%
5.8.7600.16385 38.21%
5.8.7600.16385 0.01%
5.8.7600.16385 0.01%
5.8.7600.16385 5.31%
5.8.7600.16385 0.16%
5.8.7264.0 0.01%
5.7.0.18066 0.11%
5.7.0.18066 0.06%
5.7.0.18066 0.01%
5.7.0.18066 0.16%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.01%
5.7.0.18066 0.06%
View more

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA
kernel32.dll
GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetVersionExW, CreateFileMappingW, LoadLibraryExW, SetLastError, LoadResource, FindResourceExW, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, LoadLibraryW, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetUserDefaultLCID, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA
msvcrt.dll
DllMain
ole32.dll
CLSIDFromString, CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CoRegisterMessageFilter
user32.dll
GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeA

wscript.exe

Microsoft Windows Script Host by Microsoft

Remove wscript.exe
Version:   5.7.0.16599
MD5:   0cdb713bada380f4a340b9c4a5540a8f
SHA1:   5f903205eaed492a3333235c3bba5e2986cf3591
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wscript.exe?

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.

About wscript.exe (from Microsoft)

Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit

Overview

wscript.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user).

DetailsDetails

File name:wscript.exe
Publisher:Microsoft Corporation
Product name:Microsoft ® Windows Script Host
Description:Microsoft ® Windows Based Script Host
Typical file path:C:\Windows\System32\wscript.exe
Original name:wscript.exe.mui
File version:5.7.0.16599
Size:152 KB (155,648 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:5.988827
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • vbefile
  • VBSFile
  • jsefile
  • JSFile
Scheduled tasks
  • The job '4804' runs on registration in the path '\4804'
  • The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
  • The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
  • The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
  • The job '4834' runs on registration in the path '\4834'
  • The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
  • The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • The job '4895' runs on registration in the path '\4895'
  • The task '4469' runs on registration in the path '\4469'
  • The task '4806' runs on registration in the path '\4806'
  • The job '4729' runs on registration in the path '\4729'
  • The task '4792' runs on registration in the path '\4792'
  • The task '4696' runs on registration in the path '\4696'
  • The task '4797' runs on registration in the path '\4797'
  • The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
  • The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • The job '4394' runs on registration in the path '\4394'
  • The task '4510' runs on registration in the path '\4510'
  • The task '4638' runs on registration in the path '\4638'
  • The job '4628' runs on registration in the path '\4628'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
  • 'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
  • 'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
  • 'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
  • Login entry path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
  • Login entry path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
  • Login entry path '\USER_ESRV_SVC'
Startup files (all users) run once
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  • 'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 13.50%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.00%
Windows 8.1 Single Language 6.00%
Windows 8 5.50%
Windows 8 Single Language 3.00%
Windows 8.1 Pro with Media Center 2.00%
Windows 8 Enterprise N 2.00%
Windows Seven Black Edition 2.00%
Windows 8.1 N 1.50%

Distribution by countryDistribution by country

United States installs about 54.00% of Microsoft ® Windows Script Host.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 22.04%
ASUS 19.59%
Dell 17.96%
Toshiba 13.06%
Acer 11.02%
Lenovo 6.53%
Alienware 3.27%
Samsung 3.27%
Intel 3.27%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE