msoxmled.exe

Microsoft Office InfoPath

Microsoft Corporation

The executable msoxmled.exe has been detected as malware by 33 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Publisher:
Microsoft Corporation

Product:
Microsoft Office InfoPath

Description:
XML Editor

Version:
12.0.4518.1014

MD5:
8e154058cf75ca20be77947763feb929

SHA-1:
3d1f0049d01da71bd3f0e06b0613a16766d84b15

SHA-256:
37ec92a7eaa4fba4c90e5f9ad8a7aac7d4bfd0fa2da7434a74cb73df65e8f6de

Scanner detections:
33 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 10:30:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 834 |
| Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2014.10.24 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Sality | 141023-1 |
| AVG | Win32/Sality | 2015.0.3312 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.141024 |
| Bitdefender | Win32.Sality.3 | 1.0.20.1485 |
| Bkav FE | W32.Sality.PE | 1.3.0.4959 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 14.10.24 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 11.2014-24-10_6 |
| G Data | Win32.Sality | 14.10.24 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.7.8.0 |
| K7 AntiVirus | Virus | 13.185.13789 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.494 |
| McAfee | W32/Sality.gen.z | 5600.6968 |
| Microsoft Security Essentials | Threat.Undefined | 1.187.339.0 |
| MicroWorld eScan | Win32.Sality.3 | 15.0.0.891 |
| NANO AntiVirus | Virus.Win32.Sality.bzkem | 0.28.2.62841 |
| Norman | Sality.ZHB | 11.20141024 |
| nProtect | Win32.Sality.3 | 14.10.23.01 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 10.14.14.00 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11245 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.297 |
| Trend Micro | PE_SALITY.ER | 10.465.24 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Threat.4734158 | 33706 |
| ViRobot | Win32.Sality.N | 2011.4.7.4223 |

File size:
121.8 KB (124,688 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
msoxmled.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\microsoft shared\office12\msoxmled.exe

File PE Metadata

Compilation timestamp:
10/27/2006 11:30:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:Kj8pk4gBahZPBRB9qfvklKlwFod25Muj+dALcyoA7CF:1Fvwvk8lwgbWhot

Entry address:
0x5419

Entry point:
4D, 8D, 35, 07, 2A, 03, 2A, B0, DA, 81, FD, 80, C1, 00, 00, 72, 06, C7, C3, 11, 6F, C9, 3F, 89, D1, 0F, BE, FA, E8, 32, 00, 00, 00, 8A, E4, BD, 23, 22, B7, 3B, 0F, B6, E8, 8D, 15, DE, F2, FF, FF, 0F, B6, CD, 81, C2, 22, 0D, 00, 00, B1, F7, 0F, CD, 08, DC, 81, C2, 01, 00, 00, 00, 0F, B6, C7, 3B, CA, 81, FA, 30, 09, 00, 00, 72, E7, 75, 02, 8A, D5, 15, CE, B1, FB, DD, F6, C4, 2C, 33, CE, F7, DE, 59, 74, 04, 84, F9, F6, D8, 86, D6, BB, F9, 0E, 00, 00, 28, D2, 81, EB, CB, 0D, 00, 00, EB, 08, BD, FD, FF, F6, 2C...

Code size:
21 KB (21,504 bytes)

Shell Open Command

Open type:
xmlfile

Command:
"C:\Program Files\common files\microsoft shared\office12\msoxmled.exe" \verb open "%1"