SHA256: 9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad
File name: explorer.exe
Detection ratio: 0 / 54
Analysis date: 2015-06-24 08:10:50 UTC (2 years, 4 months ago)
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20150623
AVG 20150623
AVware 20150623
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150623
AhnLab-V3 20150623
Alibaba 20150623
Antiy-AVL 20150623
Arcabit 20150623
Avast 20150623
Avira (no cloud) 20150623
Baidu-International 20150623
BitDefender 20150623
Bkav 20150623
ByteHero 20150624
CAT-QuickHeal 20150623
ClamAV 20150623
Comodo 20150623
Cyren 20150623
DrWeb 20150623
ESET-NOD32 20150623
Emsisoft 20150623
F-Prot 20150624
F-Secure 20150623
Fortinet 20150624
GData 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150624
Malwarebytes 20150623
McAfee 20150623
McAfee-GW-Edition 20150623
eScan 20150623
Microsoft 20150623
NANO-Antivirus 20150622
Panda 20150622
Qihoo-360 20150624
Rising 20150618
SUPERAntiSpyware 20150623
Symantec 20150624
Tencent 20150624
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150624
Zoner 20150624
nProtect 20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name EXPLORER.EXE
Internal name explorer
File version 6.1.7601.17567 (win7sp1_gdr.110224-1502)
Description Windows Explorer
Signature verification Signed file, verified signature
Signing date 8:16 PM 2/28/2011
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-25 03:53:11
Entry Point 0x00030F02
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
EventWrite
ConvertSidToStringSidW
RegCreateKeyW
OpenServiceW
GetTraceEnableFlags
OpenThreadToken
CryptHashData
RegisterTraceGuidsW
RegQueryValueExW
CryptCreateHash
CloseServiceHandle
GetSidSubAuthority
ConvertStringSidToSidW
CreateWellKnownSid
OpenProcessToken
LsaClose
QueryServiceStatus
RegGetValueW
RegOpenKeyExW
EventUnregister
LsaOpenPolicy
EnableTraceEx
RegOpenKeyW
GetTokenInformation
CryptReleaseContext
StartTraceW
IsValidSid
UnregisterTraceGuids
RegQueryInfoKeyW
StopTraceW
RegEnumValueW
GetTraceEnableLevel
CryptAcquireContextW
GetSidSubAuthorityCount
RegEnumKeyExW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceMessage
CryptDestroyHash
StartServiceW
LsaLookupSids
RegDeleteValueW
EventRegister
RegSetValueExW
CryptGetHashParam
OpenSCManagerW
LsaFreeMemory
CheckTokenMembership
RegDeleteKeyExW
GetTraceLoggerHandle
EventEnabled
Ord(110)
Ord(111)
SetDIBits
GetTextMetricsW
CreateFontIndirectW
PatBlt
OffsetRgn
CreatePen
GetRgnBox
CreateRectRgnIndirect
LPtoDP
CombineRgn
GetClipBox
GetViewportOrgEx
GetLayout
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
SetBkMode
SetLayout
GetRegionData
IntersectClipRect
BitBlt
CreateDIBSection
GdiAlphaBlend
SetTextColor
OffsetWindowOrgEx
ExtTextOutW
GetObjectW
CreateBitmap
GetStockObject
SetViewportOrgEx
ExtCreateRegion
GdiFlush
SelectClipRgn
CreateCompatibleDC
StretchBlt
DeleteObject
GetBkColor
CreateRectRgn
GetClipRgn
GetTextColor
SetWindowOrgEx
Polyline
SelectObject
SetBkColor
GetTextExtentPointW
GetTextExtentPoint32W
CreateCompatibleBitmap
ReleaseMutex
DeactivateActCtx
WaitForSingleObject
CreateIoCompletionPort
HeapDestroy
CreateJobObjectW
GetFileAttributesW
QueryFullProcessImageNameW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
SetErrorMode
GetLocaleInfoW
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
ReleaseActCtx
GetThreadPriority
SetEvent
LocalFree
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
QueueUserWorkItem
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
InitializeCriticalSection
GetUserDefaultLangID
GetModuleFileNameW
HeapAlloc
SetTermsrvAppInstallMode
LoadLibraryA
RaiseException
HeapSetInformation
SetProcessDEPPolicy
GetPriorityClass
LoadLibraryExA
CreateActCtxW
SetThreadPriority
DelayLoadFailureHook
ActivateActCtx
SetInformationJobObject
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
GetPrivateProfileStringW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetDynamicTimeZoneInformation
SetPriorityClass
TerminateProcess
SearchPathW
GlobalAlloc
GetCurrentThreadId
GetProcAddress
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GlobalGetAtomNameW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
CompareStringOrdinal
lstrcmpiW
LeaveCriticalSection
GetWindowsDirectoryW
GetFileSize
OpenProcess
RegisterApplicationRestart
GetDateFormatW
GetStartupInfoW
DeleteFileW
GlobalLock
GetProcessHeap
GetComputerNameW
AssignProcessToJobObject
GetBinaryTypeW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
QueryInformationJobObject
FindFirstFileW
DuplicateHandle
WaitForMultipleObjects
GetProductInfo
GetTimeZoneInformation
CreateFileW
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
CreateFileMappingW
GlobalFree
GetTimeFormatW
SetProcessShutdownParameters
GlobalUnlock
lstrlenW
VirtualFree
GetQueuedCompletionStatus
GetCurrentDirectoryW
CompareStringW
LockResource
GetCommandLineW
InterlockedCompareExchange
GetCurrentThread
GetTickCount64
QueryPerformanceFrequency
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
GetLongPathNameW
CompareFileTime
UnmapViewOfFile
OpenEventW
CreateProcessW
Sleep
VirtualAlloc
GetCurrentProcessId
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
VariantInit
CallNtPowerInformation
GetPwrCapabilities
PowerDeterminePlatformRole
PropVariantToUInt64
PropVariantToString
VariantToStringWithDefault
PropVariantToStringAlloc
PropVariantToInt64
PropVariantToUInt32
VariantToBooleanWithDefault
PropVariantToBoolean
VariantToStringAlloc
PSCreateMemoryPropertyStore
VariantToInt32WithDefault
RpcBindingFree
NdrClientCall2
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
DragQueryFileW
SHCreateDataObject
SHCreateItemFromParsingName
SHUpdateRecycleBinIcon
SHChangeNotifyRegisterThread
SHGetLocalizedName
Ord(814)
Ord(731)
Ord(22)
Ord(54)
SHChangeNotify
ShellExecuteExW
SHCreateShellItemArrayFromShellItem
SHBindToFolderIDListParent
SHGetKnownFolderIDList
Ord(895)
Ord(849)
Ord(155)
Ord(100)
Ord(902)
Ord(4)
Ord(176)
Ord(25)
SHBindToParent
SHEvaluateSystemCommandTemplate
Ord(892)
Ord(154)
SHFileOperationW
Ord(245)
Ord(89)
Ord(162)
Ord(190)
Ord(165)
Ord(840)
SHGetStockIconInfo
SHGetFileInfoW
Ord(885)
SHEnableServiceObject
Ord(893)
SHGetKnownFolderPath
Ord(102)
Ord(244)
Ord(711)
Ord(6)
Ord(680)
Shell_NotifyIconGetRect
SHGetFolderPathW
SHCreateShellItemArrayFromIDLists
Ord(818)
Ord(727)
Ord(67)
Ord(787)
Ord(16)
SHParseDisplayName
SHGetIDListFromObject
Ord(254)
SHGetFolderPathEx
Ord(74)
Ord(95)
Ord(132)
Ord(152)
Ord(18)
SHGetFolderLocation
Ord(850)
SHGetPathFromIDListW
Shell_GetCachedImageIndexW
Ord(88)
Ord(17)
Shell_NotifyIconW
Ord(188)
SHGetPathFromIDListA
Ord(265)
SHGetPropertyStoreForWindow
Ord(886)
SHCreateItemFromIDList
SHCreateItemWithParent
SHBindToObject
Ord(660)
SHGetSpecialFolderPathW
Ord(19)
Ord(181)
SHAddToRecentDocs
SHGetNameFromIDList
ShellExecuteW
Ord(21)
Ord(899)
Ord(894)
Ord(60)
Ord(790)
Ord(91)
Ord(134)
Ord(733)
Ord(241)
Ord(85)
Ord(68)
Ord(645)
Ord(28)
Ord(201)
Ord(896)
Ord(753)
Ord(61)
Ord(64)
SHCreateShellItem
SHBindToFolderIDListParentEx
Ord(137)
Ord(2)
Ord(747)
Ord(723)
Ord(193)
Ord(23)
Ord(644)
ExtractIconExW
SHGetSpecialFolderLocation
Ord(200)
Ord(156)
Ord(217)
SHRegGetUSValueW
PathIsRootW
Ord(510)
PathIsDirectoryW
SHRegGetValueW
SHRegGetBoolUSValueW
Ord(484)
Ord(168)
Ord(184)
Ord(630)
Ord(237)
SHDeleteValueW
Ord(476)
StrCmpIW
StrToIntW
Ord(176)
PathFindFileNameW
Ord(164)
SHCreateThreadRef
Ord(487)
Ord(631)
PathQuoteSpacesW
Ord(460)
PathRemoveBlanksW
Ord(199)
SHSetValueW
Ord(388)
Ord(154)
Ord(548)
Ord(219)
Ord(178)
StrRetToBufW
Ord(437)
PathParseIconLocationW
PathFindExtensionW
PathRemoveArgsW
Ord(204)
SHGetValueW
Ord(292)
Ord(24)
SHCreateStreamOnFileW
Ord(165)
Ord(571)
Ord(467)
SHDeleteKeyW
PathIsFileSpecW
Ord(478)
PathRemoveFileSpecW
PathAppendW
Ord(163)
Ord(256)
StrCmpW
StrCmpNW
Ord(635)
Ord(197)
Ord(16)
Ord(212)
PathGetArgsW
Ord(509)
Ord(270)
Ord(479)
PathIsPrefixW
Ord(629)
Ord(278)
Ord(618)
PathGetDriveNumberW
Ord(213)
PathStripToRootW
PathCombineW
Ord(439)
Ord(9)
AssocQueryKeyW
Ord(413)
PathCommonPrefixW
StrStrIW
Ord(175)
AssocQueryStringW
PathIsNetworkPathW
Ord(10)
SHSetThreadRef
AssocCreate
Ord(172)
Ord(8)
StrCmpNIW
Ord(560)
PathStripPathW
SHOpenRegStream2W
SHStrDupA
Ord(225)
SHStrDupW
Ord(174)
Ord(433)
Ord(279)
StrChrW
StrTrimW
PathFileExistsW
StrChrIW
Ord(215)
PathRemoveExtensionW
Ord(157)
SHQueryInfoKeyW
ChrCmpIW
Ord(559)
Ord(240)
Ord(177)
Ord(12)
Ord(193)
Ord(158)
Ord(236)
Ord(632)
StrRetToStrW
GetUserNameExW
RedrawWindow
GetForegroundWindow
SetWindowRgn
UnregisterHotKey
DrawTextW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
LockSetForegroundWindow
SetWindowPos
GetNextDlgTabItem
IsWindow
EndPaint
ScreenToClient
WindowFromPoint
AppendMenuW
RegisterShellHookWindow
SetMenuItemInfoW
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
HungWindowFromGhostWindow
LockWorkStation
SendMessageW
GhostWindowFromHungWindow
UnregisterClassW
GetClassInfoW
GetMenuItemInfoW
AllowSetForegroundWindow
SetMenuDefaultItem
LoadImageW
SetScrollPos
GetThreadDesktop
CallNextHookEx
GetSysColor
GetClientRect
GetActiveWindow
RegisterHotKey
GetWindowTextW
RegisterClipboardFormatW
LoadAcceleratorsW
SetWindowCompositionAttribute
DeregisterShellHookWindow
DestroyWindow
DrawEdge
GetUserObjectInformationW
GetClassInfoExW
UpdateWindow
GetPropW
IsProcessDPIAware
SetClassLongW
EnumWindows
UpdateLayeredWindowIndirect
GetMessageW
ShowWindow
FlashWindowEx
GetNextDlgGroupItem
SetPropW
GetDesktopWindow
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CharUpperW
ShowWindowAsync
GetSystemMenu
ChildWindowFromPoint
TranslateMessage
SetThreadDesktop
GetWindow
GetMenuDefaultItem
ActivateKeyboardLayout
RegisterClassW
InternalGetWindowText
GetIconInfo
MsgWaitForMultipleObjects
GetMenuStringW
IsZoomed
GetWindowPlacement
SendNotifyMessageW
LoadStringW
CalculatePopupWindowPosition
DrawFocusRect
IsHungAppWindow
EnableMenuItem
TrackPopupMenuEx
TileWindows
SetTimer
GetKeyboardLayout
FillRect
MonitorFromPoint
CopyRect
DeferWindowPos
EqualRect
CreateWindowExW
GetWindowLongW
GetUpdateRect
GetWindowInfo
PtInRect
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
OpenInputDesktop
IsIconic
BeginPaint
OffsetRect
DefWindowProcW
CopyIcon
GetGUIThreadInfo
KillTimer
TrackMouseEvent
CharPrevW
ChangeWindowMessageFilterEx
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetMessageExtraInfo
SendDlgItemMessageW
GetProcessWindowStation
MonitorFromRect
EndDialog
IsWindowEnabled
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDlgItem
RemovePropW
BringWindowToTop
ClientToScreen
PostMessageW
SetGestureConfig
GetLayeredWindowAttributes
TrackPopupMenu
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
RemoveMenu
GetDC
InsertMenuW
SwitchToThisWindow
SetForegroundWindow
NotifyWinEvent
ExitWindowsEx
WindowFromDC
GetAsyncKeyState
GetCaretBlinkTime
IsWinEventHookInstalled
ChildWindowFromPointEx
IntersectRect
SetLayeredWindowAttributes
GetScrollInfo
GetDlgItemInt
FindWindowW
GetCapture
SetWinEventHook
EndTask
GetShellWindow
MessageBeep
LoadMenuW
SetFocus
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
GetLastInputInfo
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
CascadeWindows
GetWindowDC
AdjustWindowRectEx
GetFocus
MsgWaitForMultipleObjectsEx
SendMessageCallbackW
SetScrollInfo
GetKeyState
EndDeferWindowPos
UpdateLayeredWindow
GetDoubleClickTime
DestroyIcon
EnumDisplayMonitors
GetWindowRgnBox
IsWindowVisible
ShutdownBlockReasonCreate
SubtractRect
SetCursorPos
SystemParametersInfoW
UnionRect
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
AdjustWindowRect
ModifyMenuW
CloseDesktop
IsRectEmpty
SendMessageTimeoutW
EnableWindow
TranslateAcceleratorW
GetAncestor
SetDlgItemInt
SetCursor
IsAppThemed
DrawThemeTextEx
DrawThemeIcon
GetThemeMetric
IsThemePartDefined
BufferedPaintInit
GetThemeMargins
IsThemeActive
GetThemeBackgroundRegion
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
DrawThemeBackground
DrawThemeParentBackground
GetThemePartSize
SetWindowTheme
Ord(86)
GetWindowTheme
GetThemeBool
EndBufferedPaint
CloseThemeData
BufferedPaintUnInit
BufferedPaintClear
GetThemeRect
IsCompositionActive
GetThemeColor
GetThemeBackgroundExtent
BeginBufferedPaint
OpenThemeData
GetBufferedPaintBits
Ord(105)
DwmQueryThumbnailSourceSize
Ord(113)
Ord(127)
Ord(124)
DwmUnregisterThumbnail
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmUpdateThumbnailProperties
Ord(114)
DwmSetWindowAttribute
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateFromHDC
GdipSetCompositingMode
GdipFree
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
__p__fmode
malloc
__wgetmainargs
realloc
memset
_wcsnicmp
__dllonexit
_ftol2
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_lock
_onexit
_ftol2_sse
exit
_XcptFilter
iswalpha
__setusermatherr
_wcmdln
_cexit
_wcsicmp
_unlock
_exit
__p__commode
_CIsin
_CIsqrt
ceil
_except_handler4_common
wcsncmp
free
_CIcos
memcpy
memmove
wcschr
bsearch
wcsstr
_initterm
_controlfp
__set_app_type
_wtoi
EtwEventEnabled
WinSqmSetString
WinSqmEventEnabled
WinSqmSetDWORD
RtlGetProductInfo
NtSetSystemInformation
NtSetInformationProcess
NtOpenProcessToken
NtOpenThreadToken
NtQueryInformationToken
NtClose
WinSqmAddToStream
EtwEventWrite
WinSqmAddToStreamEx
NtQueryInformationProcess
WinSqmIsOptedIn
OleUninitialize
CoUninitialize
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CreateStreamOnHGlobal
ReleaseStgMedium
RegisterDragDrop
CoGetInterfaceAndReleaseStream
RevokeDragDrop
CoRegisterMessageFilter
CLSIDFromString
CoRegisterClassObject
CoInitialize
OleInitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoFreeUnusedLibraries
CreateBindCtx
CoGetMalloc
PropVariantClear
CoTaskMemFree
SLGetWindowsInformationDWORD
Number of PE resources by type
RT_ICON 193
RT_GROUP_ICON 23
RT_BITMAP 16
RT_MANIFEST 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 235
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
6.1.7601.17567

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
1897472

EntryPoint
0x30f02

OriginalFileName
EXPLORER.EXE

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17567 (win7sp1_gdr.110224-1502)

TimeStamp
2011:02:25 04:53:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
explorer

ProductVersion
6.1.7601.17567

FileDescription
Windows Explorer

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
718336

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17567

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 8b88ebbb05a0e56b7dcc708498c02b3e
SHA1 cea0890d4b99bae3f635a16dae71f69d137027b9
SHA256 9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad
ssdeep
49152:IzgnSGNltHozKeCwQvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xnoq2:OqltHozK1vYYYYYYYYYYYRYYYYYYYYYL

authentihash 56b5bcbdf4670f77c21b2412d8e71f3393f63ee233880373747a8f531ea108de
imphash 81027c5d956184ef9651e7eb932c69ab
File size 2.5 MB ( 2616320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe signed trusted via-tor

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with explorer.exe as its name.
VirusTotal metadata
First submission 2011-04-27 13:48:07 UTC ( 6 years, 6 months ago )
Last submission 2017-10-23 00:44:54 UTC ( 1 day, 1 hour ago )
File names _explorer.exe
778d1c1b6ce6ec4e861cfb1610df30ec.tmp
59902258d15a584690fa4819b40ed33f.tmp
explorer(231).exe
6d6f896deec80c4d8650db8b655453b6.tmp
c2b4c13d5b2b784bb1455b2056beb79a.tmp
EXPLORER.EXE.MUI
581416908febab418eebec9f524a78be.tmp
e20239717344415853467b0168e6dca5cdbb8ee1.exe
50f4865fe0571d42b358574e453645c9.tmp
43c9ab9c0565cd48ae72943706698e39.tmp
explorer1.exe
6dbcfc7464381f48a3ba0f07d20d58e8.tmp
f50720b69cba0c4ba2bd03fbfc5cd3e4.tmp
explorer.exe.vi
1ac0fbc5a4cfda4abdc2277ccd12eab9.tmp
9e1ec8b43a88e687_explorer.exe
8549cf7b5b5705df85e41a0be0d15995._gstmp
c312a156bd4b514a8b2f4e752bf433ad.tmp
Explorer.EXE
e1f3.tmpscan
8aa0eb8186af9b40ac2b5650c124c40f.tmp
315ff1115d508a4094172ae5f8310bef.tmp
pexplorer.exe
59b16f76f8d4aa41a06be9b278e080b0.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
keylogger
webcam-capture
