SHA256: 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
File name: iexplore
Detection ratio: 0 / 67
Analysis date: 2018-02-22 01:35:01 UTC ( 1 hour, 16 minutes ago )
Antivirus Result Update
Ad-Aware 20180222
AegisLab 20180222
AhnLab-V3 20180221
Alibaba 20180216
ALYac 20180222
Arcabit 20180222
Avast 20180222
Avast-Mobile 20180221
AVG 20180222
Avira (no cloud) 20180221
AVware 20180222
Baidu 20180208
BitDefender 20180222
Bkav 20180212
CAT-QuickHeal 20180221
ClamAV 20180222
CMC 20180221
Comodo 20180222
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180222
Cyren 20180222
DrWeb 20180222
eGambit 20180222
Emsisoft 20180221
Endgame 20180216
ESET-NOD32 20180222
F-Prot 20180221
F-Secure 20180222
Fortinet 20180221
GData 20180221
Ikarus 20180221
Sophos ML 20180121
Jiangmin 20180222
K7AntiVirus 20180221
K7GW 20180221
Kaspersky 20180222
Kingsoft 20180222
Malwarebytes 20180222
MAX 20180222
McAfee 20180221
McAfee-GW-Edition 20180221
Microsoft 20180221
eScan 20180222
NANO-Antivirus 20180222
nProtect 20180222
Palo Alto Networks (Known Signatures) 20180222
Panda 20180221
Qihoo-360 20180222
Rising 20180221
SentinelOne (Static ML) 20180115
Sophos AV 20180221
SUPERAntiSpyware 20180221
Symantec 20180222
Symantec Mobile Insight 20180220
Tencent 20180222
TheHacker 20180219
TotalDefense 20180221
TrendMicro 20180221
TrendMicro-HouseCall 20180222
Trustlook 20180222
VBA32 20180221
VIPRE 20180222
ViRobot 20180221
Webroot 20180222
WhiteArmor 20180205
Yandex 20180221
Zillya 20180221
ZoneAlarm by Check Point 20180222
Zoner 20180222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.

Product Internet Explorer
Original name IEXPLORE.EXE
Internal name iexplore
File version 11.00.9600.18616 (winblue_ltsb.170302-0600)
Description Internet Explorer
Signature verification Signed file, verified signature
Signing date 5:38 PM 3/4/2017
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 9:17 PM 8/18/2016
Valid to 9:17 PM 11/2/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 98ED99A67886D020C564923B7DF25E9AC019DF26
Serial number 33 00 00 01 40 96 A9 EE 70 56 FE CC 07 00 01 00 00 01 40
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:19 PM 8/31/2010
Valid to 11:29 PM 8/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status Valid
Issuer Microsoft Time-Stamp PCA
Valid from 6:58 PM 9/7/2016
Valid to 6:58 PM 9/7/2018
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint CC5B869DBD2603381FD2E60C387D299EBE0D06CF
Serial number 33 00 00 00 CB D9 52 06 53 BF 3E 2A 59 00 00 00 00 00 CB
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-02 16:44:43
Entry Point 0x00001E40
Number of sections 6
PE sections
Overlays
MD5 ed153053463462dd484c8c89765fc125
File type data
Offset 799744
Size 15560
Entropy 7.40
PE imports
GetNativeSystemInfo
GetLastError
LoadLibraryExW
GetSystemInfo
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
HeapSetInformation
SetProcessDEPPolicy
LoadLibraryExA
Wow64DisableWow64FsRedirection
LocalAlloc
GetCommandLineW
UnhandledExceptionFilter
SetErrorMode
GetStartupInfoW
GetProcAddress
GetModuleHandleA
RaiseException
ExpandEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
GetCurrentProcess
Wow64RevertWow64FsRedirection
CloseHandle
GetSystemTimeAsFileTime
SetDllDirectoryW
IsWow64Process
GetModuleHandleW
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateProcessW
Sleep
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
RegCloseKey
EventRegister
EventWrite
RegGetValueW
RegOpenKeyExW
EventUnregister
RegQueryValueExW
Ord(139)
Ord(32)
Ord(650)
Ord(701)
Ord(9)
__p__fmode
__wgetmainargs
??_U@YAPAXI@Z
wcschr
_vsnwprintf
_cexit
?terminate@@YAXXZ
exit
??_V@YAXPAX@Z
iswalpha
__setusermatherr
_XcptFilter
_amsg_exit
memset
rand_s
__p__commode
_except_handler4_common
wcsncmp
_controlfp
iswspace
_initterm
_exit
_wcmdln
__set_app_type
Number of PE resources by type
RT_ICON 178
RT_GROUP_ICON 27
RT_MANIFEST 1
WEVT_TEMPLATE 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 209
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 11.0
ImageVersion 6.3
FileSubtype 0
FileVersionNumber 11.0.9600.18616
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 781824
EntryPoint 0x1e40
OriginalFileName IEXPLORE.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 11.00.9600.18616 (winblue_ltsb.170302-0600)
TimeStamp 2017:03:02 17:44:43+01:00
FileType Win32 EXE
PEType PE32
InternalName iexplore
ProductVersion 11.00.9600.18616
FileDescription Internet Explorer
OSVersion 6.3
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 16896
ProductName Internet Explorer
ProductVersionNumber 11.0.9600.18616
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 8a590f790a98f3d77399be457e01386a
SHA1 a8e91e847a90f70772fd5cd7684d077b95dfcd9d
SHA256 62b6df6d0dac0c9b248187e4b67a904c3801b11eb7f3968c5db3077fe4a9aa22
ssdeep 24576:qkts/6TgGLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUn:qkXMMHMMMvMMZMMMlmMMMiMMMYJMMHMu

authentihash a6b3c224c18b9790a6eecc973b0dc2e2fcbed27f3dd3bce0cac2913ee06dca0d
imphash fc51828b75c4d5037039ac24cc9c9ea2
File size 796.2 KB ( 815304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2017-03-14 17:23:30 UTC ( 11 months, 2 weeks ago )
Last submission 2017-10-23 00:42:25 UTC ( 4 months ago )
File names iexplore.exe