{ "id": "7af0f2dd-db0e-4974-bc59-ee0ca54ff460", "created_at": "2026-04-06T00:19:28.507076Z", "updated_at": "2026-04-10T03:36:47.848229Z", "deleted_at": null, "sha1_hash": "c23bb151275f36fccacc15c7f09a8bbe33ee9bdd", "title": "HTML Application", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 106047, "plain_text": "HTML Application\r\nBy Contributors to Wikimedia projects\r\nPublished: 2006-11-29 · Archived: 2026-04-05 20:07:06 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nThis article is about Microsoft's proprietary HTA implementation. For information regarding the HTML5 Cache\r\nManifest, also referred to as offline HTML applications, see Cache manifest in HTML5.\r\nHTML Application (HTA)\r\nFilename extension .hta\r\nInternet\r\nmedia type\r\napplication/hta\r\nMagic number %hta\r\nDeveloped by Microsoft\r\nWebsite\r\nlearn.microsoft.com/en-us/previous-versions/ms536471(v=vs.85)?\r\nredirectedfrom=MSDN\r\nAn HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic\r\nHTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. HTML\r\nis used to generate the user interface, and the scripting language is used for the program logic. An HTA executes\r\nwithout the constraints of the web browser security model; in fact, it executes as a \"fully trusted\" application.\r\nThe usual file extension of an HTA is .hta .\r\nThe ability to execute HTAs was introduced to Microsoft Windows in 1999, along with the release of Microsoft\r\nInternet Explorer 5.\r\n[1]\r\n On December 9, 2003, this technology was patented.\r\n[2][3]\r\nHTAs give the developer the features of HTML together with the advantages of scripting languages. They are\r\npopular with Microsoft system administrators who use them for system administration from prototypes to \"full-scale\" applications, especially where flexibility and speed of development are critical.[4]\r\nhttps://en.wikipedia.org/wiki/HTML_Application\r\nPage 1 of 4\n\nOne screenshot of one example window that is produced by mshta.exe\r\nAn HTA is executed using the program mshta.exe , or, alternatively, double-clicking on the file. This program is\r\ntypically installed along with Internet Explorer. mshta.exe executes the HTA by instantiating the Internet\r\nExplorer rendering engine (mshtml) as well as any required language engines (such as vbscript.dll).\r\nAn HTA is treated like any executable file with extension .exe . When executed via mshta.exe (or if the file icon\r\nis double-clicked), it runs immediately. When executed remotely via the browser, the user is asked once, before\r\nthe HTA is downloaded, whether or not to save or run the application; if saved, it can simply be run on demand\r\nafter that.[4]\r\nBy default, HTAs are rendered as per \"standards-mode content in IE7 Standards mode and quirks mode content in\r\nIE5 (Quirks) mode\", but this can be altered using X-UA-Compatible headers.[4]\r\nHTAs are dependent on the Trident (MSHTML) browser engine, used by Internet Explorer, but are not dependent\r\non the Internet Explorer application itself. If a user removes Internet Explorer from Windows, via the Control\r\nPanel, the MSHTML engine remains and HTAs continue to work. HTAs continue to work in Windows 11 as well.\r\nHTAs are fully supported running in modes equivalent to Internet Explorer versions 5 to 9. Further versions, such\r\nas 10 and 11, still support HTAs though with some minor features turned off.[citation needed]\r\nSecurity considerations\r\n[edit]\r\nWhen a regular HTML file is executed, the execution is confined to the security model of the web browser. This\r\nmeans it is confined to communicating with the server, manipulating the page's object model (usually to validate\r\nforms and/or create interesting visual effects) and reading or writing cookies.\r\nOn the other hand, an HTA runs as a fully trusted application and therefore has more privileges than a normal\r\nHTML file; for example, an HTA can create, edit and remove files and registry entries. Although HTAs run in this\r\n'trusted' environment, querying Active Directory can be subject to Internet Explorer Zone logic and associated\r\nerror messages.\r\nTo customize the appearance of an HTA, an optional tag hta:application was introduced to the HEAD section.\r\nThis tag exposes a set of attributes that enable control of border style, the program icon, etc., and provide\r\ninformation such as the argument (command line) used to launch the HTA.[5] Otherwise, an HTA has the same\r\nformat as an HTML page.\r\nhttps://en.wikipedia.org/wiki/HTML_Application\r\nPage 2 of 4\n\n---\ntitle: HTA - Hello World\n---\nAny text editor can be used to create an HTA. Editors with special features for developing HTML applications\nmay be obtained from Microsoft[6] or from third-party sources.[7]\nAn existing HTML file (with file extension .htm or .html , for example) can be changed to an HTA by simply\nchanging the extension to .hta .\nHTA files have been used to deliver malware.[8][9] One particular HTA, named 4chan.hta (detected by antiviruses\nas JS/Chafpin.gen), was widely distributed by users of the 4chan imageboard as a steganographic image in which\nthe user was instructed to download this image as an HTA file, which when executed, would cause the computer\nto automatically spam the website (evading 4chan's CAPTCHA in the process) with alternate variants of itself. It\nwas reported that such attacks were previously delivered in which the user was prompted to save it as a .js file.[10]\nThis is an example of Hello World as an HTML Application.\n\n## HTA - Hello World\n\nAdobe AIR\nActive Scripting\nApache Cordova\nChromium Embedded Framework\nElectron (software framework)\nFirefox OS\nReact Native\nXAML Browser Applications (XBAPs)\nXUL and XULRunner - a language and environment for Mozilla cross-platform applications that resembles\nthe mechanism of HTML Applications.\nWindows Script Host\n1. ^ Article ID:200874 in Microsoft Support, in Microsoft Support Knowledge Base\n2. ^ US6662341B1, Cooper, Phillip R.; Kohnfelder, Loren M. \u0026 Chavez, Roderick A., \"Method and\napparatus for writing a windows application in HTML\", issued 2003-12-09\n3. ^ Festa, Paul (2003-12-10). \"Microsoft wins HTML application patent\". CNET. Archived from the original\non 2016-03-10. Retrieved 2016-01-10.\nhttps://en.wikipedia.org/wiki/HTML_Application\nPage 3 of 4\n\n4. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \"Introduction to HTML Applications (HTAs)\". Microsoft MSDN. May 2011. Retrieved\r\n24 June 2016. Sections include Why Use HTAs, Creating an HTA, HTA-Specific Functionality, Security,\r\nCompatibility, Deployment\r\n5. ^ HTA:APPLICATION Object, in MSDN Library, the complete specification of the tag hta:application\r\n6. ^ HTA Helpomatic\r\n7. ^ HTAEdit, an editor for HTAs with a built-in debugger\r\n8. ^ \"Spora Ransomware Dropper Uses HTA to Infect System\". VMRay. 2017-01-17. Retrieved 2018-12-22.\r\n9. ^ \"8 Scariest Ransomware Viruses\". Retrieved 2018-12-22.\r\n10. ^ Constantin, Lucian (2010-08-10). \"4chan Flood Script Is Back with New Social Engineering Trick\".\r\nSoftpedia. Retrieved 2021-11-09.\r\nHTML Component (HTC) Reference at MSDN. An HTC encapsulates specific functionality or behavior\r\nwithin HTAs.\r\nThe Script Center, The Script Center, home of Hey, Scripting Guy! Blog\r\nLearn About Scripting for HTML Applications (HTAs), a tutorial site for learning about HTA's\r\nSource: https://en.wikipedia.org/wiki/HTML_Application\r\nhttps://en.wikipedia.org/wiki/HTML_Application\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://en.wikipedia.org/wiki/HTML_Application" ], "report_names": [ "HTML_Application" ], "threat_actors": [ { "id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12", "created_at": "2023-01-06T13:46:39.396409Z", "updated_at": "2026-04-10T02:00:03.312816Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "CHROMIUM", "ControlX", "TAG-22", "BRONZE UNIVERSITY", "AQUATIC PANDA", "RedHotel", "Charcoal Typhoon", "Red Scylla", "Red Dev 10", "BountyGlad" ], "source_name": "MISPGALAXY:Earth Lusca", "tools": [ "RouterGod", "SprySOCKS", "ShadowPad", "POISONPLUG", "Barlaiy", "Spyder", "FunnySwitch" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7", "created_at": "2025-08-07T02:03:24.688416Z", "updated_at": "2026-04-10T02:00:03.734754Z", "deleted_at": null, "main_name": "BRONZE UNIVERSITY", "aliases": [ "Aquatic Panda", "Aquatic Panda ", "CHROMIUM", "CHROMIUM ", "Charcoal Typhoon", "Charcoal Typhoon ", "Earth Lusca", "Earth Lusca ", "FISHMONGER ", "Red Dev 10", "Red Dev 10 ", "Red Scylla", "Red Scylla ", "RedHotel", "RedHotel ", "Tag-22", "Tag-22 " ], "source_name": "Secureworks:BRONZE UNIVERSITY", "tools": [ "Cobalt Strike", "Fishmaster", "FunnySwitch", "Spyder", "njRAT" ], "source_id": "Secureworks", "reports": null }, { "id": "6abcc917-035c-4e9b-a53f-eaee636749c3", "created_at": "2022-10-25T16:07:23.565337Z", "updated_at": "2026-04-10T02:00:04.668393Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "Bronze University", "Charcoal Typhoon", "Chromium", "G1006", "Red Dev 10", "Red Scylla" ], "source_name": "ETDA:Earth Lusca", "tools": [ "Agentemis", "AntSword", "BIOPASS", "BIOPASS RAT", "BadPotato", "Behinder", "BleDoor", "Cobalt Strike", "CobaltStrike", "Doraemon", "FRP", "Fast Reverse Proxy", "FunnySwitch", "HUC Port Banner Scanner", "KTLVdoor", "Mimikatz", "NBTscan", "POISONPLUG.SHADOW", "PipeMon", "RbDoor", "RibDoor", "RouterGod", "SAMRID", "ShadowPad Winnti", "SprySOCKS", "WinRAR", "Winnti", "XShellGhost", "cobeacon", "fscan", "lcx", "nbtscan" ], "source_id": "ETDA", "reports": null }, { "id": "d53593c3-2819-4af3-bf16-0c39edc64920", "created_at": "2022-10-27T08:27:13.212301Z", "updated_at": "2026-04-10T02:00:05.272802Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "Earth Lusca", "TAG-22", "Charcoal Typhoon", "CHROMIUM", "ControlX" ], "source_name": "MITRE:Earth Lusca", "tools": [ "Mimikatz", "PowerSploit", "Tasklist", "certutil", "Cobalt Strike", "Winnti for Linux", "Nltest", "NBTscan", "ShadowPad" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434768, "ts_updated_at": 1775792207, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c23bb151275f36fccacc15c7f09a8bbe33ee9bdd.pdf", "text": "https://archive.orkl.eu/c23bb151275f36fccacc15c7f09a8bbe33ee9bdd.txt", "img": "https://archive.orkl.eu/c23bb151275f36fccacc15c7f09a8bbe33ee9bdd.jpg" } }