home

xmx.exe

CrossMediaExperience

VoiceFive Networks, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application xmx.exe by VoiceFive Networks has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
VoiceFive Networks, Inc.  (signed and verified)

Product:
CrossMediaExperience

Version:
1.3.330.364 (Build 330.364)

MD5:
ff6fb3d236283a7565f5204d00865e18

SHA-1:
6de6827a7ec4563e2472c3b87e7ccc3ed50558e7

SHA-256:
e91d18255d9be785c03d992eeaffd6e1dcd0905076cdf49c20bfe1ea62a8138e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
10/31/2024 11:11:57 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TMRG.VoiceFiveNetworks (M)
15.12.18.17

File size:
2.8 MB (2,928,456 bytes)

Product version:
1.3.330.364 (Build 330.364)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xmx.exe

Digital Signature
Signed by:
VoiceFive Networks, Inc.

Authority:
VeriSign, Inc.

Valid from:
8/9/2009 7:00:00 PM

Valid to:
10/5/2012 6:59:59 PM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=VA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FE867AFCDCA794F00B81D64E13D7A0B

File PE Metadata
Compilation timestamp:
8/16/2011 10:06:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:Ru8WVwtXske/upwWWnQ7uBbljfSR0kPRBe4tkqqMSJTbVKtSjj:08WVyE/ulFiJhSRN5rkqqpb

Entry address:
0x1DA338

Entry point:
E8, 0C, EF, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, B0, A3, 5D, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 6E, 96, 03, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0...
 
[+]

Entropy:
6.5802

Code size:
2.2 MB (2,308,096 bytes)

Remove xmx.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.