msvcr100.dll.exe

Win32 Cabinet Self-Extractor

The file properties name 'Microsoft Corporation' as the developer, but this is not the case: the file is designed only to look like a legitimate Microsoft system file. The application msvcr100.dll.exe, “Win32 Cabinet Self-Extractor”, has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
7b7ee72c2613e965c3950bbe19e34518

SHA-1:
f1d7b7e659a43e968a869363a45818b20823d6b6

SHA-256:
7fcd13a5be27091d70ae6742e222b56f1346558b67b6c6de2b2c52b12402e4dd

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 5:27:18 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.1147798 | 618
AhnLab V3 Security | Trojan/Win32.Gen | 2015.05.11
Baidu Antivirus | Adware.MSIL.OutBrowse | 4.0.3.15527
Bitdefender | Adware.Generic.1147798 | 1.0.20.735
Dr.Web | Trojan.MulDrop5.48649 | 9.0.1.0147
Emsisoft Anti-Malware | Adware.Generic.1147798 | 8.15.05.27.09
Fortinet FortiGate | Adware/OutBrowse | 5/27/2015
F-Secure | Adware.Generic.1147798 | 11.2015-27-05_4
G Data | Adware.Generic.1147798 | 15.5.25
K7 AntiVirus | Riskware | 13.203.15861
Kaspersky | not-a-virus:AdWare.MSIL.OutBrowse | 14.0.0.1975
McAfee | Artemis!7B7EE72C2613 | 5600.6752
MicroWorld eScan | Adware.Generic.1147798 | 16.0.0.441
NANO AntiVirus | Riskware.Win32.Generic.dmunwm | 0.30.24.1357
Panda Antivirus | Generic Suspicious | 15.05.27.09
Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 1.0.0.1015
Quick Heal | AdWare.MSIL.g3 (Not a Virus) | 5.15.14.00
Trend Micro House Call | TROJ_GEN.R000C0OBC15 | 7.2.147
Trend Micro | TROJ_GEN.R000C0OBC15 | 10.465.27
VIPRE Antivirus | Trojan.Win32.Generic | 40128

File size:
1.2 MB (1,294,848 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\msvcr100.dll.exe

File PE Metadata
Compilation timestamp:
4/13/2008 8:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:ZvaK0hc3rd93LR2Zh0V5dDPBmiHQP9M2hdRiAsDQ7FGh9f1oy1WZODeWqgbbDdxP:54wdNYZ8voen2hcDMFGhFJWZ2eWpUFq

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...

Entropy:
7.9788

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file msvcr100.dll.exe has been seen being distributed by the following 10 URLs.

http://download1264.mediafire.com/hx2bi6ihsqxg/.../Chew Wga v0.9 Setup.exe

http://download1719.mediafire.com/hsbyeaa4lckg/.../Chew Wga v0.9 Setup.exe
