SHA256: 6bed1a3a956a859ef4420feb2466c040800eaf01ef53214ef9dab53aeff1cff0
File name: explorer.exe
Detection ratio: 0 / 54
Analysis date: 2015-06-24 08:07:31 UTC ( 2 years, 4 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20150624
AVG 20150623
AVware 20150623
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150623
AhnLab-V3 20150623
Alibaba 20150623
Antiy-AVL 20150623
Arcabit 20150624
Avast 20150623
Avira (no cloud) 20150624
Baidu-International 20150623
BitDefender 20150623
Bkav 20150623
ByteHero 20150624
CAT-QuickHeal 20150623
ClamAV 20150624
Comodo 20150623
Cyren 20150623
DrWeb 20150623
ESET-NOD32 20150623
Emsisoft 20150623
F-Prot 20150622
F-Secure 20150623
Fortinet 20150624
GData 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150624
Malwarebytes 20150624
McAfee 20150623
McAfee-GW-Edition 20150623
Microsoft 20150624
NANO-Antivirus 20150623
Panda 20150623
Qihoo-360 20150624
Rising 20150618
SUPERAntiSpyware 20150623
Sophos AV 20150624
Symantec 20150623
Tencent 20150624
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150624
Zoner 20150624
nProtect 20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name EXPLORER.EXE
Internal name explorer
File version 6.1.7601.17567 (win7sp1_gdr.110224-1502)
Description Windows Explorer
Signature verification Signed file, verified signature
Signing date 8:16 PM 2/28/2011
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2011-02-25 04:24:04
Entry Point 0x0002B754
Number of sections 6
PE sections
PE imports
Number of PE resources by type
RT_ICON 193
RT_GROUP_ICON 23
RT_BITMAP 16
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 235
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7601.17567
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2119168
EntryPoint 0x2b754
OriginalFileName EXPLORER.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7601.17567 (win7sp1_gdr.110224-1502)
TimeStamp 2011:02:25 05:24:04+01:00
FileType Win64 EXE
PEType PE32+
InternalName explorer
ProductVersion 6.1.7601.17567
FileDescription Windows Explorer
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 752640
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7601.17567
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 332feab1435662fc6c672e25beb37be3
SHA1 5a49d7390ee87519b9d69d3e4aa66ca066cc8255
SHA256 6bed1a3a956a859ef4420feb2466c040800eaf01ef53214ef9dab53aeff1cff0
ssdeep 49152:S/Co9niu04mHTaSk1EeC72ZbhvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoI:uC0iscClvYYYYYYYYYYYRYYYYYYYYYY9
authentihash 7c21b488df6ca3d872ec59e1d4beb781b42bf4ca226f525fd92283b1d7d1b467
imphash 2b00763a0982b2619edf5b6200495224
File size 2.7 MB ( 2871808 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags peexe assembly signed via-tor 64bits trusted
Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with explorer.exe as its name.
VirusTotal metadata
First submission 2011-04-27 14:24:57 UTC ( 6 years, 6 months ago )
Last submission 2017-10-23 13:15:13 UTC ( 11 hours, 24 minutes ago )
File names
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight