ms_auto.exe

Microsoft Autoplay Repair Wizard

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Autoplay Repair Wizard

Version:
5.2.3790.67 built by: srv03_qfe(wmbla)

MD5:
90a4962f44d2e75398d517bc90f06f8c

SHA-1:
f1d9b122e8c880c582f18bb03714748472cfb890

SHA-256:
39277ef5b5720d914ee52e418c32ad743493fa6ad3d9bca3247693d7d7448d16

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/15/2024 6:02:01 AM UTC

File size:
76.3 KB (78,160 bytes)

Product version:
5.2.3790.67

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
AutoFix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\ms_auto.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
10/18/2002 9:05:46 PM

Valid to:
12/18/2003 9:15:46 PM

Subject:
CN=Microsoft Windows Publisher, OU=Copyright (c) 2002 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification Intermediate PCA, OU=Copyright (c) 1999 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=WA, C=US

Serial number:
6108B35700000000002E

File PE Metadata
Compilation timestamp:
6/28/2003 12:08:39 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:+XvlSmK+ZUIk9nn1k2DtQLWvSZvOzj/hZYX8oJq5uM0br6Nyl:+XvlSmK+ZUIk9nn1k4vSJOzj/heL85u3

Entry address:
0x8D12

Entry point:
6A, 70, 68, D8, 42, 00, 01, E8, 4A, 02, 00, 00, 33, DB, 89, 5D, FC, 8D, 45, 80, 50, FF, 15, 9C, 10, 00, 01, 83, CF, FF, 89, 7D, FC, 66, 81, 3D, 00, 00, 00, 01, 4D, 5A, 75, 27, A1, 3C, 00, 00, 01, 8D, 80, 00, 00, 00, 01, 81, 38, 50, 45, 00, 00, 75, 14, 0F, B7, 48, 18, 81, F9, 0B, 01, 00, 00, 74, 20, 81, F9, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B8, 84, 00, 00, 00, 0E, 76, F2, 33, C9, 39, 98, F8, 00, 00, 00, EB, 0E, 83, 78, 74, 0E, 76, E2, 33, C9, 39, 98, E8, 00, 00, 00, 0F, 95, C1, 89, 4D, E4, C7...
 

Entropy:
5.6958

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
35.5 KB (36,352 bytes)

The file ms_auto.exe has been discovered within the following program.

Windows Media Codec Pack  by windowsmediacodec.com
Windows Media Codec Pack is designed to distribute bundled adware in the installer. The program itself just wraps and includes standard open source media players and codecs that are available for free online.
windowsmediacodec.com
67% remove it
 
Powered by Should I Remove It?

The file ms_auto.exe has been seen being distributed by the following 16 URLs.
