explorer_image.exe

The executable explorer_image.exe has been detected as malware by 16 anti-virus scanners. The file has been seen being downloaded from doiop.com.
MD5:
569121215f1f5d9cfad71a9959b6ee44

SHA-1:
54fceb5c774ae062235c9a0eb8a891be14ec1124

SHA-256:
37327fc13ea9f8145c59967f3ae930a21f1ff10f345b11d34d2ab70124256d7e

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
5/14/2024 4:10:13 PM UTC

Scan engine                     Detection                          Engine version
Avira AntiVirus                 TR/Dropper.MSIL.170701             8.3.1.6
avast!                          Win32:Malware-gen                  2014.9-160328
AVG                             Luhe.Fiha.B                        2017.0.2790
Baidu Antivirus                 Backdoor.Win32.Androm              4.0.3.16328
Dr.Web                          Trojan.Inject1.61504               9.0.1.088
ESET NOD32                      MSIL/Injector.KVM (variant)        10.11991
Fortinet FortiGate              MSIL/Injector.KVM!tr               3/28/2016
K7 AntiVirus                    Riskware                           13.207.16673
Kaspersky                       Backdoor.Win32.Androm              14.0.0.445
McAfee                          Artemis!569121215F1F               5600.6446
Microsoft Security Essentials   Worm:Win32/Kasidet                 1.1.11903.0
NANO AntiVirus                  Trojan.Win32.Androm.duetqh         0.30.24.2668
Panda Antivirus                 Trj/CI.A                           16.03.28.09
Qihoo 360 Security              Win32/Trojan.Dropper.574           1.0.0.1015
Sophos                          Mal/Generic-S                      4.98
VIPRE Antivirus                 Trojan.Win32.Generic               42288

File size:
160 KB (163,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\explorer_image.exe

File PE Metadata
Compilation timestamp:
7/18/2015 2:43:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:BBatUl0Y+rc9QMDpwrS/cSC9WxAPBP12WF2Wk98S7U6Yis6tmYys8eEpYjymCNs0:BItm0OxDpPPxAPBKLqubn1t8ezlIMYb

Entry address:
0x2669E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.3727

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
148 KB (151,552 bytes)

The file explorer_image.exe has been seen being distributed by the following URL.

Remove explorer_image.exe - Powered by Reason Core Security