explorer.exe

The executable explorer.exe has been detected as malware by 30 anti-virus scanners. Although this file uses the name explorer.exe, this is NOT the File Explorer program distributed with the Windows OS that is found in C:\Windows.
MD5: 5ba1c8c86eeb4c43028997d47b4e3ae4
SHA-1: b7e65900705e7404194580797f5739d2b54992a9
SHA-256: e5a3b42370ad72b6d4b2ae78e67fb41343a84509d261b16a4055ea7ccc4bd4bb

Scanner detections: 30 / 68
Status: Malware
Analysis date: 4/26/2024 10:47:33 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Worm.AutoRun | 7.1.1
AhnLab V3 Security | Win32/Autorun.worm.124928.B | 2013.03.11
avast! | Win32:AutoRun-VC [Wrm] | 2014.9-170316
AVG | Worm/AutoRun.X | 2018.0.2438
Bitdefender | Gen:Variant.Strictor.22627 | 1.0.20.375
Clam AntiVirus | Win.Worm.Autorun-1146 | 0.98/18155
Comodo Security | Worm.Win32.AutoRun.HM | 15518
Dr.Web | Trojan.Proxy.3000 | 9.0.1.075
Emsisoft Anti-Malware | Gen:Variant.Graftor.Elzob.14411 | 8.17.03.16.10
ESET NOD32 | Win32/AutoRun.HM | 11.8100
Fortinet FortiGate | W32/Autorun.HM!worm | 3/16/2017
F-Secure | Gen:Variant.Strictor.22627 | 11.2017-16-03_5
G Data | Gen:Variant.Strictor.22627 | 17.3.22
IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.2.0.0.0
K7 AntiVirus | EmailWorm | 13.163.8328
Kaspersky | Worm.Win32.AutoRun | 14.0.0.-1317
McAfee | W32/Autorun.worm.ae | 5600.6094
Microsoft Security Essentials | Worm:Win32/Autorun.gen!BL | 1.163.1557.0
MicroWorld eScan | Gen:Variant.Strictor.22627 | 18.0.0.225
NANO AntiVirus | Trojan.Win32.AutoRun.bvztu | 0.22.8.50837
Norman | Malware | 11.20170316
Panda Antivirus | W32/Autorun.VF.worm | 17.03.16.10
Quick Heal | Worm.AutoRun.cys.n5 | 3.17.12.00
Sophos | W32/AutoRun-ASD | 4.86
Total Defense | Win32/SillyAutorun.AE | 37.0.10327
Trend Micro House Call | WORM_OTORUN.SMS | 7.2.75
Trend Micro | WORM_OTORUN.SMS | 10.465.16
Vba32 AntiVirus | Worm.Win32.AutoRun.cys | 3.12.20.2
VIPRE Antivirus | Virus.Win32.Sality.at!dam | 15960
ViRobot | Worm.Win32.A.AutoRun.178688.A | 2011.4.7.4223

File size: 242.5 KB (248,320 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\Application data\explorer.exe

File PE Metadata
Compilation timestamp: 11/4/2007 5:51:35 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
Entry address: 0x6BE5
Entry point: E8, 9E, 81, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 51, EE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, B8, 3D, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 08, D1, 41, 00, 74, 12, 8B, 0D, 20, D0, 41, 00, 85, 48, 70, 75, 07, E8, 55, 14, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 28, CF, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 20, D0, 41, 00...
Entropy: 6.0677
Code size: 139.5 KB (142,848 bytes)
