oleview.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\oleview.exe - Description: OLE/COM Object Viewer
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | A5BBC4727B92D18A472C8DFB566CAB1E |
| SHA1 | 12E3095AF25E991FA1E5B981AE38A4817F0521F8 |
| SHA256 | FCD9002C8CB103B8E28A399075068B7713A3696350C0C2AAF8DD7642711A1481 |
| SHA384 | 759B4FFE9EA550EBC9F0B5B9FC96A1A2AF9D2CA33BAF2EEF9219FF41FE0592C95151E0BCEDAE98B9D1F39BC25DDBB427 |
| SHA512 | 3F3B2C60B929A0FC1C19BB3E9A57D6D378F4B01FA24C5BBD74B2175EF433EB48CA17041FE5088CD5352DB185CCC1017C1924C5E6FD2B8E6C77BAE50E92B66863 |
| SSDEEP | 3072:NyoSSX7XA5RwkP10/Cg+ufLLobyT9S9jDeQPQ9S0bGA:EaXjA5yBF+ma9jDNPwTG |
| IMP | 7F02DF18D2B4D893FC5BFAF1D6EB2AB6 |
| PESHA1 | DAD88D52033321971FCBD8FA42FCABBC7EA63E2E |
| PE256 | 21C6C3591D1711D48BDDCD3B416BEDBB8696668B496D02740C35870929220655 |
Runtime Data
Window Title:
OLE/COM Object Viewer
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\aclui.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\KernelBase.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\MFC42u.dll.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \BaseNamedObjects\RotHintTable | Section |
| \Sessions\1\BaseNamedObjects\1b80HWNDInterface:a90726 | Section |
| \Sessions\1\Windows\Theme1383959086 | Section |
| \Windows\Theme2042523233 | Section |
Loaded Modules:
| Path |
|---|
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x86\oleview.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000002CF6D2CC57CAA65A6D80000000002CF - Thumbprint:
1A221B3B4FEF088B17BA6704FD088DF192D9E0EF - Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: OLEVIEW.EXE
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/fcd9002c8cb103b8e28a399075068b7713a3696350c0c2aaf8dd7642711a1481/detection
Possible Misuse
The following table contains possible examples of oleview.exe being misused. While oleview.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_plugx_susp_exe_locations.yml | Image\|endswith: '\OleView.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.