SHA256: 0bd0a04d7b32648f627387894a165b321ac277bd8103a4ca6790607458adf778
File name: explorer.exe
Detection ratio: 0 / 61
Analysis date: 2017-05-23 10:02:32 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware 20170523
AegisLab 20170523
AhnLab-V3 20170523
Alibaba 20170523
ALYac 20170523
Antiy-AVL 20170523
Arcabit 20170523
Avast 20170523
AVG 20170523
Avira (no cloud) 20170523
AVware 20170523
Baidu 20170503
BitDefender 20170523
Bkav 20170523
CAT-QuickHeal 20170523
ClamAV 20170523
CMC 20170522
Comodo 20170523
CrowdStrike Falcon (ML) 20170130
Cyren 20170523
DrWeb 20170523
Emsisoft 20170523
Endgame 20170515
ESET-NOD32 20170523
F-Prot 20170523
F-Secure 20170523
Fortinet 20170523
GData 20170523
Ikarus 20170523
Invincea 20170519
Jiangmin 20170523
K7AntiVirus 20170523
K7GW 20170523
Kaspersky 20170523
Kingsoft 20170523
Malwarebytes 20170523
McAfee 20170523
McAfee-GW-Edition 20170523
Microsoft 20170523
eScan 20170523
NANO-Antivirus 20170523
nProtect 20170523
Palo Alto Networks (Known Signatures) 20170523
Panda 20170522
Qihoo-360 20170523
Rising None
SentinelOne (Static ML) 20170516
Sophos 20170523
SUPERAntiSpyware 20170523
Symantec 20170522
Symantec Mobile Insight 20170523
Tencent 20170523
TheHacker 20170522
TrendMicro 20170523
TrendMicro-HouseCall 20170523
Trustlook 20170523
VBA32 20170522
VIPRE 20170523
ViRobot 20170523
Webroot 20170523
WhiteArmor 20170517
Yandex 20170518
Zillya 20170523
ZoneAlarm by Check Point 20170523
Zoner 20170523
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name EXPLORER.EXE
Internal name explorer
File version 10.0.14393.206 (rs1_release.160915-0644)
Description Windows Explorer
Signature verification Signed file, verified signature
Signing date 6:11 PM 9/15/2016
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Production PCA 2011
Valid from 6:15 PM 8/18/2015
Valid to 6:15 PM 11/18/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha256RSA
Thumbprint E85459B23C232DB3CB94C7A56D47678F58E8E51E
Serial number 33 00 00 00 BC E1 20 FD D2 7C C8 EE 93 00 00 00 00 00 BC
[+] Microsoft Windows Production PCA 2011
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 7:41 PM 10/19/2011
Valid to 7:51 PM 10/19/2026
Valid usage All
Algorithm sha256RSA
Thumbprint 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
Serial number 61 07 76 56 00 00 00 00 00 08
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA 2010
Valid from 8:24 PM 3/30/2016
Valid to 8:24 PM 6/30/2017
Valid usage Timestamp Signing
Algorithm sha256RSA
Thumbprint 86589244E93E817BE7A0D90078E042FB7CA2CAE8
Serial number 33 00 00 00 89 49 F5 0C E4 F1 8B 94 B3 00 00 00 00 00 89
[+] Microsoft Time-Stamp PCA 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:36 PM 7/1/2010
Valid to 10:46 PM 7/1/2025
Valid usage All
Algorithm sha256RSA
Thumbprint 2AA752FE64C49ABE82913C463529CF10FF2F04EE
Serial number 61 09 81 2A 00 00 00 00 00 02
[+] Microsoft Root Certificate Authority 2010
Status Valid
Issuer Microsoft Root Certificate Authority 2010
Valid from 10:57 PM 6/23/2010
Valid to 11:04 PM 6/23/2035
Valid usage All
Algorithm sha256RSA
Thumbprint 3B1EFD3A66EA28B16697394703A72CA340A05BD5
Serial number 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
PE header basic information
Target machine x64
Compilation timestamp 2016-09-15 16:24:18
Entry Point 0x0009EB50
Number of sections 8
PE sections
Overlays
MD5 b3ac1428a579cf7ddcdd00b4a910d84d
File type data
Offset 4623872
Size 49424
Entropy 7.83
PE imports
CryptBinaryToStringW
CryptStringToBinaryW
GetTextMetricsW
CreateFontIndirectW
PatBlt
OffsetRgn
CreatePen
GdiFlush
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetViewportOrgEx
Rectangle
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
StretchBlt
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
OffsetWindowOrgEx
GetCurrentObject
GetGlyphOutlineW
ExtTextOutW
CreateBitmap
GetStockObject
SetViewportOrgEx
GetOutlineTextMetricsW
GetDIBits
SetTextAlign
SelectClipRgn
CreateCompatibleDC
GdiAlphaBlend
StretchDIBits
SetStretchBltMode
GetBkColor
CreateRectRgn
SelectObject
SetRectRgn
CreateSolidBrush
Polyline
GetClipRgn
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
GetUserDefaultUILanguage
GetComputerNameW
RegisterWaitForSingleObject
GetPackageFullName
GetPackagesByPackageFamily
ParseApplicationUserModelId
PowerCreateRequest
ChangeTimerQueueTimer
lstrcmpiW
RegisterApplicationRestart
MulDiv
UnregisterWaitEx
FindPackagesByPackageFamily
MoveFileW
CreateTimerQueueTimer
GlobalUnlock
DeleteTimerQueueTimer
SetTermsrvAppInstallMode
GlobalLock
lstrlenW
PowerSetRequest
ResourceManagerQueueGetString
GetMergedSystemPri
ResourceManagerQueueIsResourceReference
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SysFreeString
SysAllocStringByteLen
VariantInit
InitVariantFromGUIDAsString
PropVariantToStringAlloc
PSPropertyBag_WriteDWORD
PropVariantToUInt32
InitVariantFromResource
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
RpcBindingFree
NdrClientCall3
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
SHSetValueW
Ord(1)
SHOpenRegStream2W
Ord(184)
SHCreateMemStream
Ord(142)
Ord(123)
SHStrDupW
GetDpiForMonitor
Ord(162)
Ord(174)
Ord(121)
SHGetValueW
SHRegGetValueW
Ord(192)
Ord(190)
SetCurrentProcessExplicitAppUserModelID
Ord(109)
Ord(186)
IStream_Read
SHDeleteValueW
Ord(188)
Ord(292)
SHUnicodeToAnsi
SHCreateStreamOnFileEx
Ord(145)
SHDeleteKeyW
SetProcessReference
SHQueryInfoKeyW
Ord(126)
SHAnsiToUnicode
IStream_Write
SHCreateStreamOnFileW
IUnknown_Set
Ord(213)
Ord(143)
Ord(122)
SHEnumKeyExW
Ord(120)
Ord(244)
Ord(170)
SHCreateThread
Ord(183)
IStream_Reset
SHCreateThreadRef
SHSetThreadRef
IsOS
SHQueryValueExW
Ord(187)
IUnknown_SetSite
Ord(200)
SHGetThreadRef
IUnknown_QueryService
DragQueryFileW
SHCreateDataObject
SHCreateItemFromParsingName
SHUpdateRecycleBinIcon
SHChangeNotifyRegisterThread
Ord(792)
SHGetLocalizedName
Ord(731)
Ord(22)
Ord(54)
SHChangeNotify
ShellExecuteExW
SHBindToFolderIDListParent
Ord(894)
Ord(895)
Ord(155)
Ord(100)
Ord(25)
SHGetIDListFromObject
SHGetStockIconInfo
Ord(866)
Ord(206)
SHBindToParent
SHEvaluateSystemCommandTemplate
Shell_NotifyIconW
Ord(245)
Ord(89)
Ord(162)
Ord(190)
SHGetKnownFolderIDList
SHCreateAssociationRegistration
Ord(885)
SHEnableServiceObject
SHGetKnownFolderPath
Ord(244)
Ord(711)
Ord(6)
Ord(680)
Ord(904)
Shell_NotifyIconGetRect
Ord(727)
Ord(67)
Ord(16)
SHAppBarMessage
SHParseDisplayName
Ord(254)
SHGetFolderPathEx
Ord(95)
Ord(132)
Ord(152)
Ord(18)
SHGetFolderLocation
Ord(850)
SHGetPathFromIDListW
Shell_GetCachedImageIndexW
Ord(17)
SHFileOperationW
Ord(188)
SHGetPropertyStoreForWindow
SHCreateItemFromIDList
SHCreateItemWithParent
SHBindToObject
SHGetSpecialFolderPathW
Ord(19)
Ord(181)
SHAddToRecentDocs
SHGetNameFromIDList
ShellExecuteW
Ord(21)
Ord(899)
SHCreateItemInKnownFolder
Ord(60)
Ord(790)
Ord(91)
Ord(134)
Ord(764)
Ord(733)
Ord(85)
Ord(906)
Ord(4)
DuplicateIcon
Ord(743)
Ord(645)
Ord(201)
Ord(896)
Ord(753)
Ord(61)
SHGetFolderPathAndSubDirW
Ord(137)
Ord(2)
Ord(723)
Ord(43)
Ord(907)
Ord(23)
Ord(644)
ExtractIconExW
Ord(905)
Ord(200)
StrCmpNIW
StrRChrW
AssocQueryKeyW
Ord(154)
Ord(158)
Ord(479)
PathParseIconLocationW
PathFindExtensionW
PathRemoveArgsW
PathCommonPrefixW
PathIsDirectoryW
Ord(292)
Ord(279)
Ord(24)
StrChrW
Ord(167)
PathQuoteSpacesW
PathFileExistsW
Ord(165)
StrChrIW
PathGetDriveNumberW
StrCmpIW
PathCombineW
Ord(467)
Ord(157)
Ord(413)
Ord(204)
PathIsFileSpecW
Ord(548)
Ord(478)
PathRemoveFileSpecW
ChrCmpIW
Ord(571)
Ord(388)
AssocQueryStringByKeyW
StrStrIW
Ord(219)
AssocQueryStringW
Ord(163)
StrToIntW
StrCmpW
PathFindFileNameW
AssocCreate
Ord(164)
Ord(172)
Ord(197)
Ord(544)
Ord(236)
Ord(481)
Ord(460)
PathRemoveBlanksW
PathGetArgsW
Ord(635)
Ord(509)
GetUserNameExW
RedrawWindow
GetMessagePos
SetWindowRgn
GetMenuInfo
RegisterWindowMessageW
UnregisterHotKey
DrawTextW
SetWindowLongPtrW
DestroyMenu
GetGuiResources
GetForegroundWindow
Ord(2702)
SetWindowPos
CalculatePopupWindowPosition
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
GetDC
GetAsyncKeyState
ReleaseDC
GetMenuStringW
HungWindowFromGhostWindow
LockWorkStation
SendMessageW
UnregisterClassA
GetCurrentInputMessageSource
GhostWindowFromHungWindow
SetThreadDesktop
GetClientRect
DefWindowProcW
SetMenuDefaultItem
SetScrollPos
GetThreadDesktop
InSendMessage
MsgWaitForMultipleObjectsEx
LoadImageW
ClientToScreen
RegisterHotKey
RegisterClipboardFormatW
PostThreadMessageW
MsgWaitForMultipleObjects
Ord(2522)
CopyImage
DestroyWindow
GetUserObjectInformationW
GetParent
UpdateWindow
GetPropW
EqualRect
EnumWindows
GetMenuState
GetMessageW
PostQuitMessage
ShowWindow
SetMenuInfo
SetPropW
EnumDisplayMonitors
PeekMessageW
Ord(2573)
GetPointerInfo
SetWindowPlacement
ShowWindowAsync
RegisterPowerSettingNotification
GetSystemMenu
ChildWindowFromPoint
SendInput
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
InternalGetWindowText
GetPhysicalCursorPos
GetIconInfo
LoadAcceleratorsW
RegisterClassW
IsZoomed
GetWindowPlacement
SetWindowLongW
GetWindowCompositionAttribute
IsHungAppWindow
IsIconic
EnumDisplayDevicesW
TrackPopupMenuEx
DrawFocusRect
SetTimer
Ord(2005)
FillRect
MonitorFromPoint
CopyRect
DeferWindowPos
IsWindowUnicode
CreateWindowExW
GetWindowRgnBox
PtInRect
GetSystemMetricsForDpi
MapWindowPoints
GetPointerType
GetMonitorInfoW
OpenInputDesktop
IsTopLevelWindow
BeginPaint
OffsetRect
SetFocus
CopyIcon
KillTimer
TrackMouseEvent
SendNotifyMessageW
DefWindowProcA
ChangeWindowMessageFilterEx
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
GetCursorInfo
SetCapture
ReleaseCapture
EnumChildWindows
DrawTextExW
GetMessageExtraInfo
SendDlgItemMessageW
PostMessageW
InvalidateRect
EnableMouseInPointer
SetWindowCompositionAttribute
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
Ord(2707)
SetCoalescableTimer
RemovePropW
BringWindowToTop
UnhookWinEvent
FindWindowW
ScreenToClient
GetProcessWindowStation
GetScrollInfo
SetGestureConfig
GetLayeredWindowAttributes
GetWindowBand
GetMenuItemCount
GetClassLongPtrW
Ord(2574)
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
InsertMenuW
SwitchToThisWindow
SetForegroundWindow
NotifyWinEvent
IsProcessDPIAware
ExitWindowsEx
GetMenuItemInfoW
GetCursorPos
GetCaretBlinkTime
GetPointerDevices
IntersectRect
SetLayeredWindowAttributes
EndDialog
CreateIconIndirect
GetCapture
GetShellWindow
EndTask
Ord(2704)
SetWinEventHook
GetIconInfoExW
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
GetLastInputInfo
RegisterClassExW
SetRectEmpty
Ord(2577)
CascadeWindows
AdjustWindowRectEx
GetClassWord
SendMessageTimeoutW
GetSysColor
SendMessageCallbackW
SetScrollInfo
GetKeyState
EndDeferWindowPos
GetWindowRgn
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
CreateWindowInBand
GetWindowLongW
IsWindowVisible
GetWindowLongPtrW
TileWindows
SubtractRect
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
DeleteMenu
MonitorFromRect
GetClassNameW
AdjustWindowRect
ModifyMenuW
CloseDesktop
IsRectEmpty
GetFocus
SetCursor
GetAncestor
ReplyMessage
TranslateAcceleratorW
GetProfileType
IsAppThemed
BufferedPaintInit
Ord(104)
GetThemeMetric
GetThemeInt
Ord(129)
GetThemeMargins
Ord(121)
GetThemeFont
Ord(120)
IsThemeActive
DrawThemeParentBackground
DrawThemeBackground
GetWindowTheme
GetThemePartSize
SetWindowTheme
Ord(86)
DrawThemeTextEx
Ord(126)
GetThemeBool
EndBufferedPaint
CloseThemeData
Ord(98)
BufferedPaintUnInit
Ord(106)
IsCompositionActive
GetThemeColor
GetThemeBackgroundExtent
BeginBufferedPaint
OpenThemeData
BufferedPaintSetAlpha
GetBufferedPaintBits
Ord(118)
Ord(122)
IsSettingSyncEnabled
IsRoamingEnabled
BiPtQueryWorkItem
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
CoUninitialize
IIDFromString
CoMarshalInterThreadInterfaceInStream
CoEnableCallCancellation
CoGetStdMarshalEx
CoFreeUnusedLibraries
CoWaitForMultipleHandles
StringFromGUID2
CoSetProxyBlanket
CoGetApartmentType
CreateStreamOnHGlobal
RoGetAgileReference
CoCreateGuid
CoGetInterfaceAndReleaseStream
CLSIDFromString
CoTaskMemRealloc
CoGetCallContext
CoRegisterClassObject
StringFromIID
CoCreateInstance
PropVariantClear
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoInitializeSecurity
CoGetMalloc
CoReleaseMarshalData
CoTaskMemFree
CoCancelCall
CoDisableCallCancellation
GetTimeFormatEx
GetTimeFormatW
GetDateFormatW
GetDateFormatEx
OutputDebugStringA
OutputDebugStringW
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
WriteFile
GetLongPathNameW
CompareFileTime
RemoveDirectoryW
GetTempPathW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
FindFirstFileExW
DuplicateHandle
CloseHandle
HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap
LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
LocalReAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
QueryInformationJobObject
FindStringOrdinal
SizeofResource
LoadResource
FreeLibraryAndExitThread
GetModuleHandleA
GetModuleFileNameW
LockResource
GetModuleHandleW
FreeLibrary
LoadStringW
FindResourceExW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
FormatMessageW
GetUserDefaultLangID
IsValidLocaleName
GetCalendarInfoW
GetUserPreferredUILanguages
GetThreadUILanguage
GetUserGeoID
GetLocaleInfoW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
PathCchAppend
PathCchAddExtension
PathCchCombine
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
SearchPathW
OpenThread
TerminateThread
GetExitCodeProcess
ExitProcess
SetProcessShutdownParameters
TlsAlloc
SetThreadPriorityBoost
QueueUserAPC
GetProcessId
GetCurrentProcess
GetPriorityClass
OpenProcessToken
SetThreadPriority
GetCurrentProcessId
OpenProcess
ProcessIdToSessionId
GetStartupInfoW
GetCurrentThread
CreateThread
TlsFree
OpenThreadToken
ResumeThread
SetPriorityClass
TerminateProcess
GetThreadPriority
CreateProcessW
TlsGetValue
TlsSetValue
GetCurrentThreadId
QueryPerformanceCounter
QueryFullProcessImageNameW
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyExW
RegEnumValueW
RegQueryValueExW
SHRegGetBoolUSValueW
SHRegGetUSValueW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
CreateActCtxW
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
CharLowerBuffW
CharNextW
CharLowerW
IsCharAlphaNumericW
InitOnceExecuteOnce
EnterCriticalSection
ReleaseMutex
InitOnceComplete
TryEnterCriticalSection
SetEvent
AcquireSRWLockShared
InitializeCriticalSectionEx
WaitForSingleObjectEx
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexW
ResetEvent
OpenMutexW
ReleaseSRWLockExclusive
InitOnceBeginInitialize
CreateEventExW
ReleaseSRWLockShared
WaitForMultipleObjectsEx
CreateEventW
InitializeCriticalSection
OpenEventW
SleepEx
Sleep
OpenSemaphoreW
InitializeSRWLock
AcquireSRWLockExclusive
LeaveCriticalSection
GetTickCount64
GetSystemTime
GetProductInfo
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
SetThreadpoolWait
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CallbackMayRunLong
CloseThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
GetDynamicTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetRestrictedErrorInfo
RoOriginateError
RoGetMatchingRestrictedErrorInfo
RoActivateInstance
RoGetActivationFactory
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
StartTraceW
StopTraceW
EnableTraceEx2
EventSetInformation
EventWriteTransfer
EventRegister
EventWrite
EventActivityIdControl
EventUnregister
EventEnabled
GetPwrCapabilities
PowerDeterminePlatformRoleEx
CallNtPowerInformation
GetTokenInformation
GetAclInformation
CreateWellKnownSid
IsValidSid
CopySid
DuplicateToken
CheckTokenMembership
InitializeAcl
GetAce
GetLengthSid
EqualSid
DeleteAce
AddAce
MakeAbsoluteSD
GetDefaultIdentityProvider
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
EnumerateIdentityProviders
QueryServiceConfigW
NotifyServiceStatusChangeW
Ord(140)
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmQueryThumbnailSourceSize
Ord(113)
Ord(159)
Ord(140)
Ord(141)
Ord(124)
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
Ord(139)
Ord(138)
DwmUpdateThumbnailProperties
Ord(114)
iswalnum
__wgetmainargs
malloc
_vsnprintf_s
floorf
realloc
memset
_snwprintf_s
__dllonexit
wcsncpy_s
_CxxThrowException
wcstol
wcscpy_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_fmode
_vsnwprintf
?what@exception@@UEBAPEBDXZ
_cexit
?terminate@@YAXXZ
__C_specific_handler
memcpy_s
floor
_lock
??1type_info@@UEAA@XZ
sqrt
_onexit
mktime
exit
_XcptFilter
_commode
__setusermatherr
wcsrchr
_wcmdln
_get_errno
_amsg_exit
ceilf
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
_set_errno
memmove_s
_unlock
wcschr
memcmp
memcpy
ceil
__CxxFrameHandler3
wcscspn
free
_errno
_initterm
_vsnwprintf_s
wcscmp
memmove
_wcstoui64
localtime
wcstombs
strchr
??1exception@@UEAA@XZ
_itow_s
??0exception@@QEAA@AEBV0@@Z
wcsspn
swprintf_s
bsearch
time
wcsstr
_exit
_wtoi
difftime
__set_app_type
RtlNtStatusToDosError
RtlInitUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlFlushHeaps
WinSqmSetDWORD
NtSetThreadExecutionState
NtSetSystemInformation
RtlQueryWnfStateData
NtOpenProcessToken
NtOpenThreadToken
RtlUnsubscribeWnfNotificationWaitForCompletion
NtClose
WinSqmAddToStream
NtQueryInformationToken
NtSetInformationProcess
WinSqmAddToStreamEx
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess
WinSqmIsOptedIn
Ord(104)
Number of PE resources by type
IMAGE 234
RT_ICON 233
RT_GROUP_ICON 29
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 499
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 10.0
InitializedDataSize 2902528
ImageVersion 10.0
ProductName Microsoft Windows Operating System
FileVersionNumber 10.0.14393.206
UninitializedDataSize 512
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
OriginalFileName EXPLORER.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.0.14393.206 (rs1_release.160915-0644)
TimeStamp 2016:09:15 17:24:18+01:00
FileType Win64 EXE
PEType PE32+
InternalName explorer
ProductVersion 10.0.14393.206
FileDescription Windows Explorer
OSVersion 10.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 1736704
FileSubtype 0
ProductVersionNumber 10.0.14393.206
Warning Possibly corrupt Version resource
EntryPoint 0x9eb50
ObjectFileType Executable application
File identification
MD5 13be475da00ab05866cc3632f5ad54b0
SHA1 34c157d1ead16d580cd4cce47e38f312e87c05d1
SHA256 0bd0a04d7b32648f627387894a165b321ac277bd8103a4ca6790607458adf778
ssdeep 49152:UzFA9qNiq8XATNBTo1beT+Hofxseeuizr0TbPhYK+Lw8A7/eFwIADKo:UzMi4bnIVbPhuw8a0ODKo
authentihash 81c4f24dbab672f533032678a84036f9b32b65eb8bf5e668ef7df495f7d99ddc
imphash 96ba76efff6ab9fe5e4a88f42cd3b86e
File size 4.5 MB ( 4673296 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (58.5%)
Win 9x/ME Control Panel applet (32.9%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2016-09-24 23:24:16 UTC ( 9 months ago )
Last submission 2017-05-23 10:02:32 UTC ( 1 month ago )
File names 2e3d3dc303aa2749bbd94069a4021ed2.tmp
b71849e05a4e3444a84111286d7b2808.tmp
950196100b1ffc41a7f21d11a453a3b6.tmp
652ee61.tmpscan
7d9fe73483bc7d43a5fb953adf5d356c.tmp
d9a091ec1ce2f9409e6b9fd6d4b1f8bf.tmp
4fcb9e09df669e4084f9a63e63613980.tmp
1bf534af08f66843bbe79cc681ff0cd2.tmp
25e90293d640d201324d00008823e828_explorer.exe
ad8faae709ce9f4e88f60b34517251ec.tmp
85e64723411ff248841af01479730af0.tmp
a1352eb440f3544492b5d4502cfab3bd.tmp
f978474112e79142a1c1f17fed542f0e.tmp
e3170ea072cc8b489f43bfd86568a5ac.tmp
e879f2c919f05a43a25b854dd9b44ee2.tmp
18b05eef3deb4b49baec882f79bf7e46.tmp
explorer.exe
61c26c8af01be348bf7bd30eedd0fc53.tmp
13BE475DA00AB05866CC3632F5AD54B0_explorer.exe
8d18515365e5c5438c922d28cb1775a6.tmp
152ee61.tmpscan
1a55cded21006748b8b4d19ba915710f.tmp
b786744e9be83b4cb09f83cdfdd21ae6.tmp
22b5eb1f3f2fd2016d560000b04a5018_explorer.exe
ee3b1a5e2d5a1348b5acf032060b56c2.tmp