Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

9.00.8112.16443 (WIN7_IE9_GDR.120227-1545) 0.39%
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) 0.13%
8.00.7600.16385 (win7_rtm.090713-1255) 0.13%
8.00.7600.16385 (win7_rtm.090713-1255) 0.13%
8.00.7264.0 (win7_rtm.090622-1900) 0.13%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 45.89%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.13%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.39%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.13%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.13%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.26%
8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) 0.13%
8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214) 0.13%
7.00.5730.13 (longhorn(wmbla).070711-1130) 2.35%
7.00.5730.13 (longhorn(wmbla).070711-1130) 0.13%
7.00.5730.13 (longhorn(wmbla).070711-1130) 0.13%
7.00.5730.13 (longhorn(wmbla).070711-1130) 0.13%
7.00.5730.11 (winmain(wmbla).061017-1135) 1.04%
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100) 44.20%
10.00.9200.16438 (win8_gdr_soc_ie_beta.121108-2200) 3.00%
10.00.8400.0 (winmain_win8rc.120518-1423) 0.52%
10.00.8250.0 (winmain_win8beta.120217-1520) 0.13%
10.00.8102.0 (winmain_win8m3.110823-1455) 0.26%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegQueryValueExA, RegCloseKey, RegOpenKeyExA
kernel32.dll
GetVersion, GetModuleHandleW, GetProcAddress, ExpandEnvironmentStringsA, LoadLibraryA, lstrlenA, MultiByteToWideChar, FreeLibrary, GetCommandLineA, GetVersionExA, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetCurrentThreadId, HeapDestroy, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, HeapAlloc, LeaveCriticalSection, EnterCriticalSection, OutputDebugStringA, InitializeCriticalSection, GetCPInfo, GetACP, GetOEMCP, Sleep, VirtualAlloc, HeapReAlloc, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetSystemInfo, VirtualQuery

MSHTA.exe

Windows Internet Explorer by Microsoft

Remove MSHTA.exe
Version:   9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)
MD5:   948441d872d0207bd6e0dd0b71726af2
SHA1:   bf00ebd5e2f8c448451cb1b3dc6f4c6a63372df2
SHA256:   779565dd5212fb0c4634ac5d705c7a09dc55acb7ccf71d727b07a85f0c7edb9c
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

mshta.exe executes as a process with the local user's privileges. It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is designed to run on Windows 7.

DetailsDetails

File name:mshta.exe
Publisher:Microsoft Corporation
Product name:Windows® Internet Explorer
Description:Microsoft (R) HTML Application host
Typical file path:C:\Windows\System32\mshta.exe
File version:9.00.8112.16443 (WIN7_IE9_GDR.120227-1545)
Product version:9.00.8112.16443
Size:11.5 KB (11,776 bytes)
Digital DNA
Entropy:5.990163
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • htafile
Scheduled tasks
  • The job 'At9' runs in the path 'C:\WINDOWS\Tasks\At9.job'
  • The task 'At8' runs in the path 'C:\WINDOWS\Tasks\At8.job'
  • The job 'At7' runs in the path 'C:\WINDOWS\Tasks\At7.job'
  • The task 'At6' runs in the path 'C:\WINDOWS\Tasks\At6.job'
  • The job 'At5' runs in the path 'C:\WINDOWS\Tasks\At5.job'
  • The task 'At4' runs in the path 'C:\WINDOWS\Tasks\At4.job'
  • The job 'At3' runs in the path 'C:\WINDOWS\Tasks\At3.job'
  • The task 'At24' runs in the path 'C:\WINDOWS\Tasks\At24.job'
  • The job 'At23' runs in the path 'C:\WINDOWS\Tasks\At23.job'
  • The task 'At22' runs in the path 'C:\WINDOWS\Tasks\At22.job'
  • The job 'At21' runs in the path 'C:\WINDOWS\Tasks\At21.job'
  • The task 'At20' runs in the path 'C:\WINDOWS\Tasks\At20.job'
  • The job 'At2' runs in the path 'C:\WINDOWS\Tasks\At2.job'
  • The task 'At19' runs in the path 'C:\WINDOWS\Tasks\At19.job'
  • The job 'At18' runs in the path 'C:\WINDOWS\Tasks\At18.job'
  • The task 'At17' runs in the path 'C:\WINDOWS\Tasks\At17.job'
  • The job 'At16' runs in the path 'C:\WINDOWS\Tasks\At16.job'
  • The task 'At15' runs in the path 'C:\WINDOWS\Tasks\At15.job'
  • The job 'At14' runs in the path 'C:\WINDOWS\Tasks\At14.job'
  • The task 'At13' runs in the path 'C:\WINDOWS\Tasks\At13.job'
  • The job 'At12' runs in the path 'C:\WINDOWS\Tasks\At12.job'
  • The task 'At11' runs in the path 'C:\WINDOWS\Tasks\At11.job'
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINDOWS\system32\mshta.exe'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 42.00%
Microsoft Windows XP 28.00%
Windows 7 Ultimate 18.50%
Windows 7 Professional 6.00%
Windows 7 Home Basic 2.00%
Windows 7 Starter 1.00%
Windows Developer Preview 1.00%
Windows 7 Enterprise 1.00%
Windows Vista Home Premium 0.50%

Distribution by countryDistribution by country

United States installs about 41.62% of Windows® Internet Explorer.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 24.37%
ASUS 15.05%
Toshiba 10.75%
Hewlett-Packard 10.04%
Acer 9.32%
Compaq 5.02%
Lenovo 5.02%
GIGABYTE 4.30%
Intel 3.58%
Sony 2.87%
American Megatrends 2.51%
Samsung 2.15%
Sahara 1.43%
MSI 1.43%
Alienware 0.72%
NEC 0.72%
Medion 0.72%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE