SHA256: 424fd8d921eb5424ac52c5ca79426d98fa04a57093a6191443df80f9facb8f3f
File name: p.exe
Detection ratio: 21 / 67
Analysis date: 2018-04-27 02:00:55 UTC ( 10 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/FCN.140610 20180426
Avira (no cloud) TR/Dropper.Gen 20180426
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180426
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180427
Cyren W32/Ursu.F.gen!Eldorado 20180426
eGambit Unsafe.AI_Score_59% 20180427
Endgame malicious (high confidence) 20180402
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.DNB 20180426
Fortinet MSIL/Kryptik.LHA!tr 20180426
Sophos ML heuristic 20180120
K7AntiVirus Trojan ( 005265a71 ) 20180426
K7GW Trojan ( 005265a71 ) 20180426
Kaspersky HEUR:Backdoor.MSIL.Generic 20180427
McAfee GenericRXEY-VT!5D36AA1FEA2C 20180426
McAfee-GW-Edition BehavesLike.Win32.Trojan.tz 20180425
Palo Alto Networks (Known Signatures) generic.ml 20180427
Qihoo-360 HEUR/QVM03.0.C5C2.Malware.Gen 20180427
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180426
ZoneAlarm by Check Point HEUR:Backdoor.MSIL.Generic 20180426
Ad-Aware 20180426
AegisLab 20180426
Alibaba 20180426
ALYac 20180426
Antiy-AVL 20180426
Arcabit 20180426
Avast 20180426
Avast-Mobile 20180426
AVG 20180426
AVware 20180426
Babable 20180406
BitDefender 20180426
Bkav 20180426
CAT-QuickHeal 20180426
ClamAV 20180426
CMC 20180426
Comodo 20180426
Cybereason None
DrWeb 20180426
Emsisoft 20180426
F-Prot 20180426
F-Secure 20180426
GData 20180426
Ikarus 20180426
Jiangmin 20180427
Kingsoft 20180427
Malwarebytes 20180427
MAX 20180427
Microsoft 20180426
eScan 20180426
NANO-Antivirus 20180427
nProtect 20180427
Panda 20180426
Rising 20180426
Sophos AV 20180426
SUPERAntiSpyware 20180426
Symantec Mobile Insight 20180424
Tencent 20180427
TheHacker 20180426
TotalDefense 20180426
TrendMicro 20180426
TrendMicro-HouseCall 20180426
Trustlook 20180427
VBA32 20180426
VIPRE 20180426
ViRobot 20180426
Webroot 20180427
Yandex 20180425
Zillya 20180426
Zoner 20180426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2010 Microsoft Corporation. All rights reserved.
Product Microsoft Office InfoPath
Original name msoxmled.exe
Internal name msoxmled.exe
File version 14.0.4750.1000
Description XML Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-24 16:38:14
Entry Point 0x0004C59B
Number of sections 3
.NET details
Module Version ID d3b412ee-2027-4111-affc-a8b199fb9a59
PE sections
Overlays
MD5 b1c9088e65dfc241e34d4699ce275291
File type ASCII text
Offset 323072
Size 1073152
Entropy 0.00
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 17920
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.0.4750.1000
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription XML Editor
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 8.0
EntryPoint 0x4c59b
FileType Win32 EXE
OriginalFileName msoxmled.exe
MIMEType application/octet-stream
LegalCopyright 2010 Microsoft Corporation. All rights reserved.
PEType PE32
FileVersion 14.0.4750.1000
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2018:04:24 17:38:14+01:00
LegalTrademarks3 InfoPath is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
InternalName msoxmled.exe
ProductVersion 14.0.4750.1000
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 304640
ProductName Microsoft Office InfoPath
ProductVersionNumber 14.0.4750.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5d36aa1fea2ce38148c245b93da0e4ae
SHA1 a4a34aa774828bfa9ce27c22778b832e90a4b5b9
SHA256 424fd8d921eb5424ac52c5ca79426d98fa04a57093a6191443df80f9facb8f3f
ssdeep 6144:PVBMlEbVH6PBaKXa8dUFvGfLDVMcukVAECeW0K5I2O:PTIHdUF+v2cUa/
authentihash 63b55d51f200442e8a3d6a52c02a49ef96ddacbd6b6b7132dfc2b19fc6641d70
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.3 MB ( 1396224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2018-04-27 02:00:55 UTC ( 10 months ago )
Last submission 2018-05-25 13:09:39 UTC ( 9 months ago )
File names msoxmled.exe
bf9fa89492cb6f59c9d9788c9b05a004177c6eab
p.exe