» explorer_1.exe
Overview
Analysis
File Details
Network (1)

explorer_1.exe

The executable explorer_1.exe has been detected as malware by 5 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address ypool.net on port 10034.

File name:

explorer_1.exe

MD5:

70491264f0245e46f0ea68d1eb714e23

SHA-1:

05a5d761b2a96e9e61dc1f6c6ffb8e6cdc2bf56e

SHA-256:

e9b6205e39f97ac42eb4183e30f802c0e06b225ecfb63f1125cd1c6ab61e7542

Scanner detections:

5 / 68

Status:

Malware

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

4/26/2024 10:36:16 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win64.BitCoinMiner

2014.01.10

Baidu Antivirus

Trojan.Win64.BitCoinMiner

4.0.3.14110

ESET NOD32

Win64/BitCoinMiner (variant)

8.9273

McAfee

Artemis!70491264F024

5600.7255

Trend Micro House Call

TROJ_GEN.F47V0109

7.2.10

File size:

397 KB (406,528 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\windows\explorer_1.exe

File PE Metadata

Compilation timestamp:

1/10/2014 12:44:40 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

6144:2UWVbjBdx9FmjzzhfY3vHbLCRSTBQSQSo+Kw00Ob1sVRdJJcWYkocbb:iVbjBdvFmjzdfY/lQAo3w003fJc

Entry address:

0x17ED0

Entry point:

48, 83, EC, 28, E8, 03, 94, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 83, EC, 10, 4C, 89, 14, 24, 4C, 89, 5C, 24, 08, 4D, 33, DB, 4C, 8D, 54, 24, 18, 4C, 2B, D0, 4D, 0F, 42, D3, 65, 4C, 8B, 1C, 25, 10, 00, 00, 00, 4D, 3B, D3, 73, 16, 66, 41, 81, E2, 00, F0, 4D, 8D, 9B, 00, F0, FF, FF, 41, C6, 03, 00, 4D, 3B, D3, 75, F0, 4C, 8B, 14, 24, 4C, 8B, 5C, 24, 08, 48, 83, C4, 10, C3, CC, CC... 
[+]

Entropy:

6.0235

Code size:

196.5 KB (201,216 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:

Connects to ypool.net (213.208.129.126:10034)

Remove explorer_1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.