SHA256: 6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a
File name: explorer.exe
Detection ratio: 0 / 61
Analysis date: 2017-03-24 21:47:52 UTC ( 1 day, 9 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20170324
AVG 20170324
AVware 20170324
Ad-Aware 20170324
AegisLab 20170324
AhnLab-V3 20170324
Antiy-AVL 20170324
Arcabit 20170324
Avast 20170324
Avira (no cloud) 20170324
Baidu 20170323
BitDefender 20170324
CAT-QuickHeal 20170324
CMC 20170324
ClamAV 20170324
Comodo 20170324
CrowdStrike Falcon (ML) 20170130
Cyren 20170324
DrWeb 20170324
ESET-NOD32 20170324
Emsisoft 20170324
Endgame 20170317
F-Prot 20170324
F-Secure 20170324
Fortinet 20170324
GData 20170324
Ikarus 20170324
Invincea 20170203
Jiangmin 20170324
K7AntiVirus 20170324
K7GW 20170324
Kaspersky 20170324
Kingsoft 20170324
Malwarebytes 20170324
McAfee 20170324
McAfee-GW-Edition 20170324
eScan 20170324
Microsoft 20170324
NANO-Antivirus 20170324
Palo Alto Networks (Known Signatures) 20170324
Panda 20170324
Qihoo-360 20170324
Rising 20170324
SUPERAntiSpyware 20170324
SentinelOne (Static ML) 20170315
Sophos 20170324
Symantec 20170324
Tencent 20170324
TheHacker 20170321
TotalDefense 20170324
TrendMicro 20170324
TrendMicro-HouseCall 20170324
VBA32 20170324
VIPRE 20170324
ViRobot 20170324
Webroot 20170324
Yandex 20170323
Zillya 20170323
ZoneAlarm by Check Point 20170324
Zoner 20170324
nProtect 20170324
Alibaba 20170324
Symantec Mobile Insight 20170324
Trustlook 20170324
WhiteArmor 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name EXPLORER.EXE
Internal name explorer
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Explorer
Signature verification Signed file, verified signature
Signing date 8:37 PM 11/20/2010
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2010-11-20 10:21:56
Entry Point 0x0002B790
Number of sections 6
PE sections
PE imports
Number of PE resources by type
RT_ICON 193
RT_GROUP_ICON 23
RT_BITMAP 16
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 235
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
6.1.7601.17514

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2119680

EntryPoint
0x2b790

OriginalFileName
EXPLORER.EXE

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2010:11:20 11:21:56+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
explorer

ProductVersion
6.1.7601.17514

FileDescription
Windows Explorer

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
752640

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 ac4c51eb24aa95b77f705ab159189e24
SHA1 4583daf9442880204730fb2c8a060430640494b1
SHA256 6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a
ssdeep
49152:jxrceI/lIRYraisQhFCUCAvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:FrcPlIWFvYYYYYYYYYYYRYYYYYYYYYY4

authentihash c860e83fe205fdcb328874b64907cf565d02a8c0e9c60b4bf46a044465625cbb
imphash 6422e341c67ba0880e012f8c7c634c21
File size 2.7 MB ( 2872320 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags
peexe assembly signed via-tor 64bits trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with explorer.exe as its name.
VirusTotal metadata
First submission 2011-01-14 22:45:00 UTC ( 6 years, 2 months ago )
Last submission 2017-03-24 21:47:52 UTC ( 1 day, 9 hours ago )
File names msl-12020-1097
msl-8388-2453
msl-7744-2950
c640a2bc87c2ab4283c15eb3326e7f80.tmp
msl-1904-1055
exploder.exe
msl-65336-1117
msl-8868-1550
msl-5652-12458
EXPLORER.EXE.MUI
explorer(1091).exe
explorer_backup_w7sbc.exe
msl-6920-1511
msl-7080-1060
explorer1.exe
explorer.backup.exe
1ecaf22c842bf4dba411e27fe1c9a272
msl-3016-1055
msl-8616-3963
explorer_Win.exe
explorer.exe
62f8516b83704b479626b1079f997cac.tmp
msl-7848-910
msl-1544-5851
Explorer.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight