home

toshiba-win7-64.exe

Windows Internet Explorer 10

Synacor, Inc.

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application toshiba-win7-64.exe, “Win32 Cabinet Self-Extractor ” by Synacor has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation  (signed by Synacor, Inc.)

Product:
Windows Internet Explorer 10

Description:
Win32 Cabinet Self-Extractor

Version:
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

MD5:
e634e94561f33f882edde1374ce70916

SHA-1:
d6cec7be14c7412724614684e52343c949ff2bb8

SHA-256:
ab160c23700b47378356e2ff2808199039f30f512483e12ccf55d4f21a23ce36

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:37:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Visicom.Toolbar (M)
16.9.8.20

File size:
42.2 MB (44,238,968 bytes)

Product version:
10.00.9200.16521

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\toshiba-win7-64.exe

Digital Signature
Signed by:
Synacor, Inc.

Authority:
VeriSign, Inc.

Valid from:
5/9/2012 7:00:00 PM

Valid to:
7/12/2013 6:59:59 PM

Subject:
CN="Synacor, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Synacor, Inc.", L=Buffalo, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DB5040E687E33BCDF64D5F215D429E3

File PE Metadata
Compilation timestamp:
2/17/2013 1:00:50 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
786432:xZ+74TxGsuhtVYSV+eP4vXL+O/nmlfzd+Mh6YCkbCPHbk4sa+jYzwbYMqB1Qh1IX:xo4dn0tGqbkXLdn2f4M6zQD4wsMxQca

Entry address:
0x6926

Entry point:
E8, 06, 08, 00, 00, E9, 0D, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 00, 80, 40, 00, 75, 03, C2, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, A3, 20, 87, 40, 00, 89, 0D, 1C, 87, 40, 00, 89, 15, 18, 87, 40, 00, 89, 1D, 14, 87, 40, 00, 89, 35, 10, 87, 40, 00, 89, 3D, 0C, 87, 40, 00, 66, 8C, 15, 38, 87, 40, 00, 66, 8C, 0D, 2C, 87, 40, 00, 66, 8C, 1D, 08, 87, 40, 00, 66, 8C, 05, 04, 87, 40, 00, 66, 8C, 25, 00, 87, 40, 00, 66, 8C, 2D, FC, 86, 40, 00, 9C, 8F, 05, 30...
 
[+]

Entropy:
7.9998  (probably packed)

Code size:
25.5 KB (26,112 bytes)

The file toshiba-win7-64.exe has been seen being distributed by the following URL.

http://content.citrine.synacor.com/.../toshiba-win7-64.exe

Remove toshiba-win7-64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.