Diviney
Hi,
My antivirus flagged this file as malware. It is part of an app offered on the Microsoft Store called Cool File Viewer. I want to report it to Microsoft, but I can't figure out how (I already tried reporting it through the app store by viewing the app and going to the Review tab; no option is there). I also can't find vendor information for this program at all. Very strange.
File info:
c:\program files\windowsapps\20815shootingapp.airfileviewer_1.4.3.0_x86__xcg28tkrsnqww\fvapp\apps\office\program\soffice.bin
Name: soffice.bin
SHA256: f52fe82928b3828c8653542ef0e624b4479d4ef922027cf34c64eab1b276247c
The file was deleted before I could get to the machine, so I cannot submit the file to my AV company for analysis. All AV scans have returned clean results since this detection. I have a root cause analysis available that shows svchost.exe invoked that file soffice.bin, which then invoked this executable: c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12430.20280.0_x64__8wekyb3d8bbwe\hxtsr.exe, which is just Microsoft Outlook communications.
It seems like most of the apps in this directory, C:\program files\windowsapps, are legitimate apps, but I'm concerned that this app in particular is trying to send malware to our machines disguised as an app update.
Another KB I found helpful (I was able to run the takeown & icacls commands to get ownership of the files so that I could modify them): Unnecessary apps in C:\Program Files\WindowsApps
Any help or resources would be appreciated. I don't want to block the Microsoft Store from being accessed, but it's starting to look like that is what needs to be done.
Thanks, Alex