home

mysocialcolor.exe

Windows Internet Explorer

High Tech Marketing SL

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application mysocialcolor.exe, “Win32 Cabinet Self-Extractor ” by High Tech Marketing SL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by High Tech Marketing SL)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

MD5:
7462f3869520f02fa55c2ff4337e99d6

SHA-1:
ebad0427e7c2f692c725d1a6e79933c6222f3695

SHA-256:
c5afbe6cf28a29950343a29e914b7c0b7e30cdc7f419b10623f94573b102ec00

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 1:26:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Montiera (M)
16.10.6.14

File size:
1.4 MB (1,519,960 bytes)

Product version:
9.00.8112.16421

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mysocialcolor.exe

Digital Signature
Signed by:
High Tech Marketing SL

Authority:
Thawte, Inc.

Valid from:
9/3/2012 7:00:00 PM

Valid to:
9/4/2013 6:59:59 PM

Subject:
CN=High Tech Marketing SL, O=High Tech Marketing SL, L=Huesca, S=Huesca, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6EB1401795602AF167EEDEC95628B32C

File PE Metadata
Compilation timestamp:
3/8/2011 6:46:37 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Tya860OL5WxZwZXovvbxwNq+7qGx4PVoA8PKFE27hF37jr1Mc50th5GPoGBR:md60OtWxeXoe5Oy4PVVP3b1Mc5oh5Yoy

Entry address:
0x6B42

Entry point:
E8, 5D, 07, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, C4, C2, 00, 01, 75, 03, C2, 00, 00, E9, D9, 07, 00, 00, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 78, 12, 00, 01, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, D0, 02, 00, 00, A1, C4, C2, 00, 01, 33, C5, 89, 45, FC, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC, FD, FF, FF, 66, 8C, 95, F8, FD, FF, FF, 66, 8C, 8D, EC, FD...
 
[+]

Entropy:
7.9461  (probably packed)

Code size:
43.5 KB (44,544 bytes)

Remove mysocialcolor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.