inspect.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm\inspect.exe
- Description: Inspect Object (32-bit UNICODE Release)
Screenshot
Hashes
Type | Hash |
---|---|
MD5 | B804026AF7C771E19D70EA0358340BF9 |
SHA1 | E553C5BA1DCB55001C3B0542D981ECB23C131317 |
SHA256 | A678C604BE37EB2BFF3B88C59B7BF2928C223932BB04AE45E477833DBB27BBC2 |
SHA384 | A88232F95D294D2033CE112A598B0D06B4DC92586A70768259DB08A36EA83DBA2EBC4E32EF9B714BBD86CEE328CA5247 |
SHA512 | B2379175B90461E9D0EC89BF3D5794B54BF9CC8003DD89C761E418930F99A09C82FC72332E3EBAAF60CA4AD236B00607D8A213ACD1AA6F97306B59166EA86361 |
SSDEEP | 6144:5GrMU3kMKYMKYqOyVSfzptFge6b9TTUW8Tp:mMU3vmjy4zpx6bFup |
IMP | 09619BB57B671BC1DACCF1B9547AEB88 |
PESHA1 | E0E7BF852B2FAC8F00D230BEDBE24D1C43895020 |
PE256 | 93C8300FD3DEF61CF2D43B80E5856FEB8FE91A8476A9EEDCB9B791998C5EEF2D |
Signature
- Status: Signature verified.
- Serial:
33000002B7E8E007A82AEF13150000000002B7
- Thumbprint:
5A68625F1A516670A744F7EF919500A479D32A5B
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows Kits Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: INSPECT.EXE
- Product Name: Microsoft Active Accessibility
- Company Name: Microsoft Corporation
- File Version: 7.2.0.0
- Product Version: 7.2.0.0
- Language: English (United States)
- Legal Copyright: 2012 Microsoft Corporation. All rights reserved.
- Machine Type: 452
File Scan
- VirusTotal Detections: Unknown
File Similarity (ssdeep match)
Possible Misuse
The following table contains possible examples of inspect.exe
being misused. While inspect.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
malware-ioc | oceanlotus-rtf_ocx_campaigns.misp.event.json | "description": "Some security tools inspect files with static signatures to determine if they are known malicious. Adversaries may add data to files to increase the size beyond what security tools are capable of handling or to change the file hash to avoid hash-based blacklists.\n\nDetection: Depending on the method used to pad files, a file-based signature may be capable of detecting padding using a scanning or on-access based tool. \n\nWhen executed, the resulting process from padded files may also exhibit other behavior characteristics of being used to conduct an intrusion such as system and network information Discovery or Lateral Movement, which could be used as event indicators that point to the source file.\n\nPlatforms: Linux, macOS, Windows\n\nDefense Bypassed: Anti-virus, Signature-based detection", |
© ESET 2014-2018 |
malware-ioc | windigo | One can also manually inspect a server for outgoing DNS requests to DGA |
© ESET 2014-2018 |
malware-ioc | gaming_supply_chain.misp_event.json | "description": "Some security tools inspect files with static signatures to determine if they are known malicious. Adversaries may add data to files to increase the size beyond what security tools are capable of handling or to change the file hash to avoid hash-based blacklists.", |
© ESET 2014-2018 |
MIT License. Copyright (c) 2020-2021 Strontic.