toshiba-win8-64.exe

Windows Internet Explorer 10

Synacor, Inc.

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case; the file is designed to look like a legitimate Microsoft system file. The application toshiba-win8-64.exe, “Win32 Cabinet Self-Extractor” by Synacor, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by Synacor, Inc.)

Product:
Windows Internet Explorer 10

Description:
Win32 Cabinet Self-Extractor

Version:
10.00.9200.16384 (win8_rtm.120725-1247)

MD5:
05a3e6492ab2f8289904c3f63e2a1e21

SHA-1:
42aad1ce7d1534056965e876062ed9456564903d

SHA-256:
c1398439dd44e557a8a462a3375b0dc2db40d171307fd30023b72095c513c567

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:22:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Visicom.Toolbar (M)

Engine version:
16.9.8.20

File size:
392.1 KB (401,528 bytes)

Product version:
10.00.9200.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\toshiba-win8-64.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/9/2012 5:00:00 PM

Valid to:
7/12/2013 4:59:59 PM

Subject:
CN="Synacor, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Synacor, Inc.", L=Buffalo, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DB5040E687E33BCDF64D5F215D429E3

File PE Metadata
Compilation timestamp:
7/25/2012 7:16:02 PM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:Jazap0yN90QELqRT7MPvcWJpKXGL6EsQ0SbtSUrPoqMZhf1kylK:Jky90O/evVJA2L6E308LoqMLf1kylK

Entry address:
0x6897

Entry point:
E8, B5, 03, 00, 00, E9, 0D, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 0C, 70, 40, 00, 75, 03, C2, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, A3, 20, 74, 40, 00, 89, 0D, 1C, 74, 40, 00, 89, 15, 18, 74, 40, 00, 89, 1D, 14, 74, 40, 00, 89, 35, 10, 74, 40, 00, 89, 3D, 0C, 74, 40, 00, 66, 8C, 15, 38, 74, 40, 00, 66, 8C, 0D, 2C, 74, 40, 00, 66, 8C, 1D, 08, 74, 40, 00, 66, 8C, 05, 04, 74, 40, 00, 66, 8C, 25, 00, 74, 40, 00, 66, 8C, 2D, FC, 73, 40, 00, 9C, 8F, 05, 30...
 

Entropy:
7.7388  (probably packed)

Code size:
24 KB (24,576 bytes)
