home

msoxmlmf.dll

Microsoft Office InfoPath

Microsoft Corporation

The library is part of Microsoft Office 2010. While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The library msoxmlmf.dll, “Microsoft Office XML MIME Filter” has been detected as malware by 11 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office InfoPath

Description:
Microsoft Office XML MIME Filter

Version:
14.0.7005.1000

MD5:
8bd18a6a930e537d086594944cf67448

SHA-1:
59d1014e4a1d3b2fa6683caf9063d038cdcc531f

SHA-256:
22c49f588b30bbbf3eb8c1e053cc68be6fe6e74a21234b38d5e976b4586f07a6

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/26/2024 1:12:15 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Pioneer-C
160209-2

AVG
Win32/Floxif.A
2015.0.4489

Dr.Web
Win32.FloodFix.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Floxif
10.0.0.5366

ESET NOD32
Win32/Floxif.H virus
7.0.302.0

F-Prot
W32/Floxif.B
4.6.5.141

Kaspersky
Virus.Win32.Pioneer
15.0.0.562

McAfee
Trojan.Dropper-FIY!8BD18A6A930E
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5692.0

Norman
Win32.Floxif.A
03.12.2014 13:20:04

Sophos
Virus 'W32/Floxif-C'
5.23

File size:
125.1 KB (128,055 bytes)

Product version:
14.0.7005.1000

Copyright:
© 2010 Microsoft Corporation. All rights reserved.

Original file name:
msoxmlmf.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\common files\microsoft shared\office14\msoxmlmf.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
9/4/2012 9:42:09 PM

Valid to:
3/4/2013 9:42:09 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000009D1E8D27AEB8F3D83800010000009D

Registration
CLSID:
{807573E5-5146-11D5-A672-00B0D022E945}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
10/31/2012 12:32:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:dh3uwW0xs5WzfjKDOQ+F3r2lQBV+UdE+rECWp7hKZy6fTqrd2n:PdWIQSbKDOQ+1BV+UdvrEFp7hKZJfTqY

Entry address:
0x85DA

Entry point:
E9, 4D, CF, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, DA, F3, FF, FF, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, A8, 8B, 33, 40, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, FD, 04, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, F6, DC, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, 73, 05, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, DF, DC, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, 68, A2, 86, 33, 40, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89...
 
[+]

Entropy:
7.5283

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
34.5 KB (35,328 bytes)

PROTOCOLS Filter
Type of filter:
text/xml

CLSID:
{807573E5-5146-11D5-A672-00B0D022E945}

CLSID name:
Microsoft Office InfoPath XML Mime Filter


Remove msoxmlmf.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.