- File Path:
C:\Windows\SysWOW64\extrac32.exe
- Description: Microsoft CAB File Extract Utility
Hashes
| Type |
Hash |
| MD5 |
9472AAB6390E4F1431BAA912FCFF9707 |
| SHA1 |
73EAE67D723328D609E43531E80DB37219ED5E02 |
| SHA256 |
A91D32973A1097EB1131FF630B0C082406703C48B8F442955DDA184C43BCE99E |
| SHA384 |
4CC8041CC3F31EED5D5095DE077E0082674E884A6CE72B208641DE469D803796B3E71A9F978A75F27D60401E799C7979 |
| SHA512 |
8671662575E3166CB31875CB618FBD7ED4BD80112AD849F05CAE28B725E1DC129A6099D00879006E4F451B64E5B8DF558A4E8C35D274ED003FB572964008E09E |
| SSDEEP |
768:jYDhe6vo5kwydC3ryl77oOP6emNLZnlOsWLuYksMfdxH:jOheqo5k77oe6eoyBuNsMfd |
| IMP |
7B1D3FE0DC6AA68A34FB0D96A1457FE6 |
| PESHA1 |
052FD384AFA1A7883AFB02A1C1F0E05771D48B57 |
| PE256 |
519EE514572F1CBAD00A931C97BEBF085FB83694044931C66AC5D46BA83888F4 |
Runtime Data
Usage (stdout):
Microsoft (R) Cabinet Extraction Tool
Copyright (c) Microsoft Corporation. All rights reserved..
EXTRACT [/Y] [/A] [/D | /E] [/L dir] cabinet [filename ...]
EXTRACT [/Y] source [newname]
EXTRACT [/Y] /C source destination
cabinet - Cabinet file (contains two or more files).
filename - Name of the file to extract from the cabinet.
Wild cards and multiple filenames (separated by
blanks) may be used.
source - Compressed file (a cabinet with only one file).
newname - New filename to give the extracted file.
If not supplied, the original name is used.
/A Process ALL cabinets. Follows cabinet chain
starting in first cabinet mentioned.
/C Copy source file to destination (to copy from DMF disks).
/D Display cabinet directory (use with filename to avoid extract).
/E Extract (use instead of *.* to extract all files).
/L dir Location to place extracted files (default is current directory).
/Y Do not prompt before overwriting an existing file.
Loaded Modules:
| Path |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\extrac32.exe |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: extrac32.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 5.00 (WinBuild.160101.0800)
- Product Version: 5.00
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/a91d32973a1097eb1131ff630b0c082406703c48b8f442955dda184c43bce99e/detection
Possible Misuse
The following table contains possible examples of extrac32.exe being misused. While extrac32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.