» explorer.exe
Overview
Analysis
File Details

explorer.exe

Baidu

The executable explorer.exe has been detected as malware by 29 anti-virus scanners. Although this file uses the name explorer.exe, this is NOT the File Explorer program distributed with the Windows OS that is found in C:\Windows.

File name:

explorer.exe

Product:

Baidu

Version:

1.00

MD5:

8217610cde51b998795d28d84882b9ee

SHA-1:

b7846fb6a4a82dfa65ff9658568d5705339b6186

SHA-256:

b18c1fff38084fae394a9f6c76d7cfc5286998fad94a9d0c929fd40311a86b8d

Scanner detections:

29 / 68

Status:

Malware

Analysis date:

4/20/2024 1:27:03 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1649197

1018

Agnitum Outpost

Packed/Pec1

7.1.1

Avira AntiVirus

TR/Rogue.715776

7.11.144.202

avast!

Win32:Malware-gen

2014.9-140423

AVG

BackDoor.PoisonIvy

2015.0.3496

Baidu Antivirus

Trojan.Win32.Fynloski

4.0.3.14423

Bitdefender

Trojan.GenericKD.1649197

1.0.20.565

Dr.Web

BackDoor.Comet.963

9.0.1.0113

Emsisoft Anti-Malware

Trojan.GenericKD.1649197

8.14.04.23.03

ESET NOD32

Win32/Fynloski.AA

8.9709

Fortinet FortiGate

W32/Bublik.CLBY!tr

4/23/2014

F-Secure

Trojan.GenericKD.1649197

11.2014-23-04_4

G Data

Trojan.GenericKD.1649197

14.4.24

IKARUS anti.virus

Trojan.Backdoor.PoisonIvy

t3scan.1.6.1.0

K7 AntiVirus

Riskware

13.176.11847

Kaspersky

Trojan.Win32.Bublik

14.0.0.3974

Malwarebytes

Spyware.Password

v2014.04.23.03

McAfee

Artemis!8217610CDE51

5600.7152

Microsoft Security Essentials

Backdoor:Win32/Fynloski.A

1.10502

MicroWorld eScan

Trojan.GenericKD.1649197

15.0.0.339

Norman

Suspicious_Gen4.GFSJS

11.20140423

nProtect

Trojan.GenericKD.1649197

14.04.22.01

Panda Antivirus

Suspicious file

14.04.23.03

Qihoo 360 Security

HEUR/Malware.QVM17.Gen

1.0.0.1015

Rising Antivirus

PE:Backdoor.Pontoeb!1.6637

23.00.65.14421

Sophos

Mal/Generic-S

4.98

Total Defense

Win32/Bublik.BAMIeKD

37.0.10893

Trend Micro House Call

TROJ_GEN.R047H07DK14

7.2.113

VIPRE Antivirus

Trojan.Win32.Generic

28526

File size:

699 KB (715,776 bytes)

Product version:

1.00

Original file name:

éÕÃÄÌõ§ÍÇ´.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

4/16/2014 3:11:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:A9gUnY8l0eLTTlLfkmMi7Ku8ongHyLMDVLC8ZY:A9jY8ltdkQWMngvRLDZY

Entry address:

0x18600

Entry point:

EB, 06, 68, 24, 15, 00, 00, C3, 9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 0F, 90, 40, 00, 87, DD, 8B, 85, A2, 90, 40, 00, 01, 85, 03, 90, 40, 00, 66, C7, 85, 00, 90, 40, 00, 90, 90, 01, 85, 9E, 90, 40, 00, BB, 2D, 12, 00, 00, 03, 9D, A6, 90, 40, 00, 03, 9D, A2, 90, 40, 00, 53, 8B, C3, 8B, FB, 2D, 70, 90, 40, 00, 89, 85, 71, 90, 40, 00, 8D, B5, 70, 90, 40, 00, B9, 70, 04, 00, 00, F3, A5, 8B, FB, C3, BD, 00, 00, 00, 00, 8B, F7, 83, C6, 40, 81, C7, BD, 11, 00, 00... 
[+]

Entropy:

7.2472

Packer / compiler:

PECompact v1.4x+

Code size:

80 KB (81,920 bytes)

Remove explorer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.