MYSOCI~1.EXE

Windows Internet Explorer

High Tech Marketing SL

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application MYSOCI~1.EXE, “Archivo autoextractor de archivos CAB de Win32” by High Tech Marketing SL, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Microsoft Corporation  (signed by High Tech Marketing SL)

Product:
Windows® Internet Explorer

Description:
Archivo autoextractor de archivos CAB de Win32

Version:
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

MD5:
e913515bc0b5822abfcac33b9651f6fa

SHA-1:
1dfd11f9d30d48053328f52f1485b1769633dc27

SHA-256:
14c4312d58dac06d8f5e315e79b06a91c5bb7be73afad35bacf6719629ba10fa

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 3:42:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Montiera.HighTechMarketing (M)

Engine version:
16.1.25.5

File size:
1.7 MB (1,745,240 bytes)

Product version:
9.00.8112.16421

Copyright:
© Microsoft Corporation. Reservados todos los derechos.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mysoci~1.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/3/2012 8:00:00 PM

Valid to:
9/4/2013 7:59:59 PM

Subject:
CN=High Tech Marketing SL, O=High Tech Marketing SL, L=Huesca, S=Huesca, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6EB1401795602AF167EEDEC95628B32C

File PE Metadata
Compilation timestamp:
3/8/2011 9:46:37 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:mJZ0lt4rHHD+7ufcUycMgcXdakdDpVuQUCzQri:sitQHHD7cUycMgcXdakNp4CEu

Entry address:
0x6B42

Entry point:
E8, 5D, 07, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, C4, C2, 00, 01, 75, 03, C2, 00, 00, E9, D9, 07, 00, 00, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 78, 12, 00, 01, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, C4, C2, 00, 01, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD...
 

Code size:
43.5 KB (44,544 bytes)
