mscinet.exe

Supersoft

The application mscinet.exe by Supersoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Windows Security Firewall Manager’.
Publisher:
Supersoft  (signed and verified)

Version:
0.0.0.0

MD5:
dae1aa24cadf63dcb4b15149fb8dea90

SHA-1:
e23802cabfd8944b9410a12912466f99efb6458f

SHA-256:
fece137836649e9d0e2097861b9e1ac07322b2f8444066712238faeccf3dd420

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/30/2024 11:10:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.12.22

File size:
38.7 KB (39,584 bytes)

Product version:
0.0.0.0

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Supersoft

Valid from:
9/30/2012 3:26:38 AM

Valid to:
12/31/2039 5:59:59 PM

Subject:
CN=Supersoft

Issuer:
CN=Supersoft

Serial number:
6B50254A40C7CFB14A405056B8F04272

File PE Metadata
Compilation timestamp:
6/5/2008 3:21:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x4001C80

Entry point:
55, 8B, EC, 33, C0, 5D, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5202

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Security Firewall Manager

Command:
C:\recycler\mscinet.exe


Remove mscinet.exe - Powered by Reason Core Security