» Xda.Shell.exe
Overview
Analysis
File Details
Behaviors (1)

Xda.Shell.exe

Xerox Device Agent

Xerox Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DSCRun’.

File name:

Xda.Shell.exe

Publisher:

Xerox Corporation (signed and verified)

Product:

Xerox Device Agent

Version:

4.2.97.0

MD5:

f5f6c68a3dcbe8430b515566026aacac

SHA-1:

e4a4b6c1bc18ff979efbce1c8d94b5178bb53ec1

SHA-256:

f836d1ecef5dc445d2e804ff8d25e8549c275dd505af6b9d4b47fc6050e74b5c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 10:41:10 PM UTC (today)

File size:

837 KB (857,056 bytes)

Product version:

4.2.97.0

� 2007, Xerox Corporation

Original file name:

Xda.Shell.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\xerox\xerox device agent\bin\xda.shell.exe

Digital Signature

Signed by:

Xerox Corporation

Authority:

COMODO CA Limited

Valid from:

1/3/2013 6:00:00 PM

Valid to:

1/4/2014 5:59:59 PM

Subject:

CN=Xerox Corporation, O=Xerox Corporation, STREET=800 Phillips Rd, L=Webster, S=NY, PostalCode=14580, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009BBB97FF77F1AFC19695285AED239D7C

File PE Metadata

Compilation timestamp:

10/23/2013 5:59:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:7G/Ut3BbmtnZhxygc5KiN2eo+hBZwk+U3BpxnDU6Ty3BbmtnZhxygc5KiN2eo+h3:SwH+2z2N

Entry address:

0x740BE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

3.9291

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

460 KB (471,040 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DSCRun

Command:

"C:\Program Files\xerox\xerox device agent\bin\xda.shell.exe" hide

Scan Xda.Shell.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.