» Xda.Shell.exe
Overview
Analysis
File Details
Behaviors (1)

Xda.Shell.exe

Xerox Device Agent

Xerox Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DSCRun’.

File name:

Xda.Shell.exe

Publisher:

Xerox Corporation (signed and verified)

Product:

Xerox Device Agent

Version:

4.1.214.0

MD5:

53c472e2dd668fbfd8b9b4d6864da32b

SHA-1:

4e51b7f2ef0bb611c9961abe22abed177507b449

SHA-256:

3d6baac1b72a1305d0b91f0d78b7da85bdd0d81d47897da1a6b035cb9ecd6521

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 8:54:25 PM UTC (today)

File size:

833 KB (852,960 bytes)

Product version:

4.1.214.0

� 2007, Xerox Corporation

Original file name:

Xda.Shell.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\offitech nv\xda_offitech nv\bin\xda.shell.exe

Digital Signature

Signed by:

Xerox Corporation

Authority:

COMODO CA Limited

Valid from:

1/4/2013 1:00:00 AM

Valid to:

1/5/2014 12:59:59 AM

Subject:

CN=Xerox Corporation, O=Xerox Corporation, STREET=800 Phillips Rd, L=Webster, S=NY, PostalCode=14580, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009BBB97FF77F1AFC19695285AED239D7C

File PE Metadata

Compilation timestamp:

8/27/2013 12:14:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:hb3G/Ut3BbmtnZhxygc5KiN2eo+hBZBAr+U3y2TPUdTa3BbmtnZhxygc5KiN2eoT:hyw0+cWOy

Entry address:

0x738AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

456 KB (466,944 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DSCRun

Command:

"C:\Program Files\offitech nv\xda_offitech nv\bin\xda.shell.exe" hide

Scan Xda.Shell.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.