» Xda.Shell.exe
Overview
Analysis
File Details
Behaviors (1)

Xda.Shell.exe

Xerox Device Agent

Xerox Corporation

It runs as a scheduled task under the Windows Task Scheduler.

File name:

Xda.Shell.exe

Publisher:

Xerox Corporation (signed and verified)

Product:

Xerox Device Agent

Version:

4.1.55.0

MD5:

026aa2e69ae304e994ab065fd2ba8c09

SHA-1:

1aed30c6ec3dc7d22316a25ffa4fe65f83044f64

SHA-256:

24e228da5c6bedb714833d02aa71ca386a54984a4edebf4a57134bda44c85e2a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 11:34:19 PM UTC (a few moments ago)

File size:

833 KB (852,960 bytes)

Product version:

4.1.55.0

� 2007, Xerox Corporation

Original file name:

Xda.Shell.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\copyfax\virginia graphic systems inc\bin\xda.shell.exe

Digital Signature

Signed by:

Xerox Corporation

Authority:

COMODO CA Limited

Valid from:

1/3/2013 7:00:00 PM

Valid to:

1/4/2014 6:59:59 PM

Subject:

CN=Xerox Corporation, O=Xerox Corporation, STREET=800 Phillips Rd, L=Webster, S=NY, PostalCode=14580, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009BBB97FF77F1AFC19695285AED239D7C

File PE Metadata

Compilation timestamp:

3/28/2013 6:01:08 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:9aQqDG/Ut3BbmtnZhxygc5KiN2eo+hBZNa6O+U34DT0UdT43BbmtnZhxygc5KiNK:9aQqaw7K+NvE0

Entry address:

0x737AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

3.9236

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

456 KB (466,944 bytes)

Scheduled Task

Task name:

{15FBABB9-EEAE-4A06-A997-3C55D21D1083}

Trigger:

Registration (Runs on registration)

Scan Xda.Shell.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.