Should I block it?

No, this file is 100% safe to run.

Additional versions

5.8.9600.16384	4.48%
5.8.9600.16384	0.06%
5.8.9431.0	0.23%
5.8.9431.0	0.01%
5.8.9200.16384	2.57%
5.8.9200.16384	14.22%
5.8.8400.0	0.06%
5.8.8400.0	0.06%
5.8.8250.0	0.01%
5.8.8102.0	0.06%
5.8.7600.16385	25.27%
5.8.7600.16385	38.21%
5.8.7600.16385	0.01%
5.8.7600.16385	0.01%
5.8.7600.16385	5.31%
5.8.7600.16385	0.16%
5.8.7264.0	0.01%
5.7.0.18066	0.11%
5.7.0.18066	0.06%
5.7.0.18066	0.01%
5.7.0.18066	0.16%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.06%
View more
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.06%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.18066	0.01%
5.7.0.16599	0.01%
5.7.0.16599	0.01%
5.7.0.16599	0.01%
5.7.0.16599	0.01%
5.7.0.16535	0.01%
5.7.0.6000	6.05%
5.7.0.6000	0.01%
5.7.0.6000	0.32%
5.7.0.6000	1.19%
5.7.0.6000	0.42%
5.7.0.6000	0.11%
5.7.0.6000	0.01%
5.6.0.8833	0.01%
5.6.0.8832	0.06%
5.6.0.8825	0.01%
5.6.0.8825	0.16%
5.6.0.8825	0.01%
10 other versions

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA

kernel32.dll

GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GetVersionExW, CreateFileMappingW, LoadLibraryExW, SetLastError, LoadResource, FindResourceExW, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, LoadLibraryW, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetUserDefaultLCID, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA

msvcrt.dll

DllMain

ole32.dll

CLSIDFromString, CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CoRegisterMessageFilter

user32.dll

GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA

version.dll

GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeA

wscript.exe

Microsoft Windows Script Host by Microsoft

Remove wscript.exe

Version:	5.7.0.6000
MD5:	1259e03dcd5f265b23db738fb075df8c
SHA1:	655d245277626a7893c55de282077d42f4ac4e0f
SHA256:	0a5b7295dbae6850d1ef99e7ec839e2139b29ec5352b7c730d729b3a32f95040

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is wscript.exe?

The Microsoft Windows Script Host (WSH) is an automation technology for Microsoft Windows that provides scripting abilities comparable to batch files, but with a wider range of supported features. It was originally called Windows Scripting Host, but was renamed for the second release.

About wscript.exe (from Microsoft)

“Microsoft® Windows® Script Host (WSH) is a language-independent scripting host for Windows Script compatible scripting engines. It brings simple, powerful, and flexible scripting to the Windows 32-bit”

Overview

wscript.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It is installed with a couple of know programs including Location Saisonniere published by Rocher Digital, Location Saisonniere from Rocher Digital and Location Saisonniere by Rocher Digital.

Details

File name:	wscript.exe
Publisher:	Microsoft Corporation
Product name:	Microsoft ® Windows Script Host
Description:	Microsoft ® Windows Based Script Host
Typical file path:	C:\Windows\System32\wscript.exe
Original name:	wscript.exe.mui
File version:	5.7.0.6000
Size:	152 KB (155,648 bytes)
Digital DNA
PE subsystem:	Windows GUI
Entropy:	5.988827
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Programs

The following programs will install this file

Location Saisonniere

Rocher Digital

9% remove

Behaviors

Shell open commands

vbefile
VBSFile
jsefile
JSFile

Scheduled tasks

The job '4804' runs on registration in the path '\4804'
The task 'SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041' runs daily in the path '\SBW_UpdateTask_Time_3932323637373635372d7837235a576c4a3241345041'
The job 'SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132' runs daily in the path '\SBW_UpdateTask_Time_313035393136322d5a236c2a4a45574150574132'
The task '80e45e89-e004-444c-a9bb-a8361c5d9ecc' runs on registration in the path '\Event Viewer Tasks\80e45e89-e004-444c-a9bb-a8361c5d9ecc'
The job '4834' runs on registration in the path '\4834'
The job 'SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432' runs daily in the path '\SBW_UpdateTask_Time_323532333439303136352d6c235a2a5b4532412d573432'
The task 'SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432' runs on logon in the path '\SBW_UpdateTask_Logon_323532333439303136352d6c235a2a5b4532412d573432'
The task 'SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a' runs daily in the path '\SBW_UpdateTask_Time_333736373630353831392d784a234157344a2a416c505a'
The job 'SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a' runs on logon in the path '\SBW_UpdateTask_Logon_333736373630353831392d784a234157344a2a416c505a'
The job '4895' runs on registration in the path '\4895'
The task '4469' runs on registration in the path '\4469'
The task '4806' runs on registration in the path '\4806'
The job '4729' runs on registration in the path '\4729'
The task '4792' runs on registration in the path '\4792'
The task '4696' runs on registration in the path '\4696'
The task '4797' runs on registration in the path '\4797'
The task 'SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c' runs daily in the path '\SBW_UpdateTask_Time_3737383533343234332d455b2a34504141454a5a576c'
The job 'SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c' runs on logon in the path '\SBW_UpdateTask_Logon_3737383533343234332d455b2a34504141454a5a576c'
The job '4394' runs on registration in the path '\4394'
The task '4510' runs on registration in the path '\4510'
The task '4638' runs on registration in the path '\4638'
The job '4628' runs on registration in the path '\4628'

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'IntelTBRunOnce' → wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'TempSnippingTool' → wscript.exe //B "C:\users\user\appdata\Local\Temp\TempSnippingTool.vbs"
'SpeedUpSystem' → wscript "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\afile.vbs" "C:\users\user\appdata\Roaming\Adobe\Flash Player\SpeedCache\aso.bat"
'ActiveXService' → wscript "C:\users\user\appdata\Roaming\ActiveX\invis.vbs" "C:\users\user\appdata\Roaming\ActiveX\svchost.exe"
'Protector' → wscript.exe "C:\users\user\appdata\Roaming\SDIV 2.0\Prot\prot.vbs" check

Scheduled tasks startups

Set to load on user login (bypasses Windows UAC if enabled)

Startup files (all users) run once

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

'Start Savin-repairJob' → wscript.exe "C:\users\user\appdata\Local\Start Savin\repair.js" "Start Savin-repairJob"

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	36.00%
Windows 8.1 Pro	13.50%
Windows 7 Ultimate	12.00%
Windows 8.1	10.50%
Windows 7 Professional	6.00%
Windows 8.1 Single Language	6.00%
Windows 8	5.50%
Windows 8 Single Language	3.00%
Windows 8.1 Pro with Media Center	2.00%
Windows 8 Enterprise N	2.00%
Windows Seven Black Edition	2.00%
Windows 8.1 N	1.50%

Distribution by country

United States installs about 54.00% of Microsoft ® Windows Script Host.

Distribution by PC manufacturer

PC Manufacturer	distribution
Hewlett-Packard	22.04%
ASUS	19.59%
Dell	17.96%
Toshiba	13.06%
Acer	11.02%
Lenovo	6.53%
Alienware	3.27%
Samsung	3.27%
Intel	3.27%

Remove Adware and Spyware Programs, FREE Download!