explorer.exe

Win

The executable explorer.exe has been detected as malware by 11 anti-virus scanners. It is registered under the name ‘Explorer’ to execute automatically when any user logs into Windows (through the local user run registry setting). Although this file uses the name explorer.exe, it is NOT the File Explorer program distributed with the Windows OS, which is found in C:\Windows.
Publisher:
Microsoft*  (Invalid match)

Product:
Win

Version:
1.00

MD5:
b781673b51b01995399f243b0c06eb4f

SHA-1:
311c7a81f71e5c52e0c7aa4adc43ea4a656a0888

SHA-256:
ff123ec93d3d38eafeb2db09b58aeaab0aaa6c99bed1b496c0859a606e83bcba

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/26/2024 11:04:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:VB-OJQ [Wrm] | 160214-1 |
| Dr.Web | Trojan.Siggen6.54687 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.6753864 | 10.0.0.5366 |
| ESET NOD32 | Win32/VB.OSK trojan | 7.0.302.0 |
| F-Prot | W32/VB.AD.gen | 4.6.5.141 |
| F-Secure | Trojan.Generic.6753864 | 5.15.21 |
| Kaspersky | Trojan.Win32.Swisyn | 15.0.0.562 |
| McAfee | Virus.W32/Swisyn.ag | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6208.0 |
| Norman | Trojan.Generic.6753864 | 08.02.2016 04:24:12 |
| Sophos | Virus 'W32/Mofksys-B' | 5.23 |

File size:
206.8 KB (211,774 bytes)

Product version:
1.00

Original file name:
Win.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\system\explorer.exe

File PE Metadata
Compilation timestamp:
6/14/2011 4:01:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6und:zvEN2U+T6i5LirrllHy4HUcMQY6I

Entry address:
0x3670

Entry point:
68, D4, 3E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 91, 83, A8, 05, 80, 67, 13, 47, B1, 52, 93, 58, 73, 8B, 90, 04, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, F4, A8, F6, 00, 57, 69, 6E, 00, 00, 00, 00, 00, 00, A5, F6, 00, 19, 00, 00, 00, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 07, 00, 00, 00, 85, 4E, F1, 7E, B1, 9C, 9A, 4B, 98, C2, C9, F7, 1A, 70, A9, 38, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
172 KB (176,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Explorer

Command:
C:\windows\system\explorer.exe ru

