explorateur.exe

Internet Explorer

Personal

Although the file properties claim the file was developed by "Microsoft Corporation", this is not the case: it is designed to look like a legitimate Microsoft system file. The executable explorateur.exe has been detected as malware by 8 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name "Microsoft Security Essentials". According to AVG, this software downloads additional adware offers during setup.
Publisher:
Microsoft Corporation (signed by Personal)

Product:
Internet Explorer

Version:
11.00.9600.16521 (winblue_gdr_escrow.140228-1503)

MD5:
47f1b9a1c727d3179c085c2399db2fd4

SHA-1:
504c7ebf54b361f23736c72ef5d9ee5939031722

SHA-256:
582845cdb3e5b6024c1c496b0e9c0a7a85d6dd639a674f6fbd755ca856d44842

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
5/7/2024 6:03:30 AM UTC

Scan engine              Detection                                  Engine version
AegisLab AV Signature    Troj.W32.Gen                               2.1.4+
avast!                   Malware-gen                                141025-0
AVG                      Trojan horse Downloader.MSIL.JLG           2014.0.4040
Dr.Web                   Trojan.DownLoader11.24323                  9.0.1.05190
ESET NOD32               MSIL/TrojanDownloader.Agent.GJ trojan      7.0.302.0
Kaspersky                Trojan-Dropper.Win32.Sysn                  15.0.0.494
Trend Micro House Call   TROJ_FORUCON.BMC                           7.2.298
Trend Micro              TROJ_FORUCON.BMC                           10.465.25

File size:
373.3 KB (382,208 bytes)

Product version:
11.00.9600.16521

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
IEXPLORE.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\explorateur.exe

Digital Signature
Signed by:

Authority:
Gujarat Narmada Valley Fertilizers Company Ltd.

Valid from:
9/25/2013 12:51:18 AM

Valid to:
9/24/2015 2:30:00 PM

Subject:
CN=SANJAY SAGARMAL AGGARWAL, SERIALNUMBER=b49939cb561cd886dadaabd55641a408ec39d47a84bb3bf6cab0a5834350b4a8, S=Tamil Nadu, PostalCode=600010, OU=CID - 2754624, O=Personal, C=IN

Issuer:
CN=(n)Code Solutions CA 2011-1, OID.2.5.4.51="301, GNFC Infotower", STREET="Bodakdev, S G Road, Ahmedabad", S=Gujarat, PostalCode=380054, OU=Certifying Authority, O=Gujarat Narmada Valley Fertilizers Company Ltd., C=IN

Serial number:
4DBA1C33

File PE Metadata
Compilation timestamp:
9/22/2012 4:29:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KB4VZjNdLgVG2G1Ec3X+pd1bEz2s7ETRhEgzJB:KBwZjNdkVQ1r3X+pd167QhEUB

Entry address:
0x444CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.2031

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
265.5 KB (271,872 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Security Essentials

Command:
C:\users\{user}\appdata\roaming\explorateur\explorateur.exe


Remove explorateur.exe - Powered by Reason Core Security