• File Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe


Type Hash
MD5 D41D8CD98F00B204E9800998ECF8427E
SHA1 DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA384 38B060A751AC96384CD9327EB1B1E36A21FDB71114BE07434C0CC7BF63F6E1DA274EDEBFE76F65FBD51AD2F14898B95B
SHA512 CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E


  • Status: The form specified for the subject is not one supported or known by the specified trust provider
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:

File Scan

  • VirusTotal Detections: 0/60
  • VirusTotal Link: https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection/

Possible Misuse

The following table contains possible examples of eqnedt32.exe being misused. While eqnedt32.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma win_exploit_cve_2017_11882.yml description: Detects exploits that use CVE-2017-11882 to start EQNEDT32.EXE and other sub processes like mshta.exe DRL 1.0
sigma win_exploit_cve_2017_11882.yml ParentImage: '*\EQNEDT32.EXE' DRL 1.0
sigma win_office_shell.yml - '*\EQNEDT32.EXE' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.