mysocialcolor.exe

Windows Internet Explorer

High Tech Marketing SL

Although the file's version properties name 'Microsoft Corporation' as the developer, this is not the case: the properties are designed to make the file look like a legitimate Microsoft system file. The application mysocialcolor.exe, “Archivo autoextractor de archivos CAB de Win32” by High Tech Marketing SL, has been detected as adware by 2 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.mysocialcolor.com.

Publisher:
Microsoft Corporation  (signed by High Tech Marketing SL)

Product:
Windows® Internet Explorer

Description:
Archivo autoextractor de archivos CAB de Win32

Version:
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

MD5:
609f35342d2b408d1c0b6f22212b0d96

SHA-1:
d16ab38d31da943069f367566a86d1d4d1971f5c

SHA-256:
ccc8a79e0358084be22846e86f24782ff039ef856ecbed62b1d584a5b0230c3c

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 3:51:25 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.HighTechMarketing | 15.6.8.16
Trend Micro House Call | TROJ_GEN.F47V0929 | 7.2.159

File size:
1.7 MB (1,821,528 bytes)

Product version:
9.00.8112.16421

Copyright:
© Microsoft Corporation. Reservados todos los derechos.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\downloads\mysocialcolor.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/3/2012 9:00:00 PM

Valid to:
9/4/2013 8:59:59 PM

Subject:
CN=High Tech Marketing SL, O=High Tech Marketing SL, L=Huesca, S=Huesca, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6EB1401795602AF167EEDEC95628B32C

File PE Metadata
Compilation timestamp:
3/8/2011 9:46:37 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:byT0RMe0BZ3llGQTnCJkpZ0+g+Gpk5RW3wjjEs2kcfJNA6D6ntIfHsvUHO5:OT0RV0BRG7+Bh+GEsjV6MCgUE

Entry address:
0x6B42

Entry point:
E8, 5D, 07, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, C4, C2, 00, 01, 75, 03, C2, 00, 00, E9, D9, 07, 00, 00, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 78, 12, 00, 01, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, C4, C2, 00, 01, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD...
Code size:
43.5 KB (44,544 bytes)

The file mysocialcolor.exe has been seen being distributed by the following URL.
