L
Luke-H
Guest
I have recently come across a file on network that has the hash 8E4AB33EB49B8DFAE025C7FACCC31B9236DD311A46BC20CFD4763F6AB2B8E465.
This hash according to open source belongs to Wextract.exe and was produced by Microsoft (although the file is not signed). The original Wextract file is obviously legitimate but this particular file is called by a different name and on virustotal, is reported by a handful of vendors (Including Microsoft) as malicious. The vendors list it as a potentially unwanted program. I am just concerned that in this case the file may be referred to as malicious becuase of the behavior carried out by the legitimate version. The link below shows the VT results for the hash:
VirusTotal
Can someone please confirm:
1) If the above hash belongs to the legitimate version of Wextract?
2) Are all Microsoft files digitally signed?
Many thanks
More...
This hash according to open source belongs to Wextract.exe and was produced by Microsoft (although the file is not signed). The original Wextract file is obviously legitimate but this particular file is called by a different name and on virustotal, is reported by a handful of vendors (Including Microsoft) as malicious. The vendors list it as a potentially unwanted program. I am just concerned that in this case the file may be referred to as malicious becuase of the behavior carried out by the legitimate version. The link below shows the VT results for the hash:
VirusTotal
Can someone please confirm:
1) If the above hash belongs to the legitimate version of Wextract?
2) Are all Microsoft files digitally signed?
Many thanks
More...