ieframe.dll

Internet Explorer

Microsoft Corporation

IEFrame contains the user interface and window for Internet Explorer. It is installed within the context of Internet Explorer as a URL search hook with the name ‘Microsoft Url Search Hook’. The file has been seen being downloaded from 172.16.7.125.
Publisher:
Microsoft Corporation

Product:
Internet Explorer

Description:
Internet Browser

 
Part of the Windows Operating System

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
688227d38a6ff6403b293d0c50b454b9

SHA-1:
2610223017fa2951a067970814bec8041051ec4b

SHA-256:
b0947c0707007fe5bdd0b6bf2fcb3afb99712519ed82a7475204db37e69cf08a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/11/2016 11:15:54 AM UTC  (today)

File size:
11.2 MB (11,725,312 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. Alle Rechte vorbehalten.

Original file name:
IEFRAME.DLL.MUI

File type:
Dynamic link library (Win32 DLL)

Language:
German (Germany)

Common path:
C:\Windows\System32\ieframe.dll

Registration
CLSIDs:
{05BDC38E-5493-487a-A7FF-8CF2246ABC13}, {06EEE834-461C-42c2-8DCF-1502B527B1F9}, {07C45BB1-4A8C-4642-A1F5-237E7215FF66}, {098870b6-39ea-480b-b8b5-dd0167c4db59}, {10BCEB99-FAAC-4080-B2FA-D07CD671EEF2}, {11016101-E366-4D22-BC06-4ADA335C892B}

ProgIDs:
htmlfile, xmlfile, ShellNameSpace.ShellNameSpace.1, Shell.UIHelper.1, Shell.Explorer.2, Shell.Explorer.1, IEPH.HistoryHandler, InternetShortcut

COM registered:
Yes

File PE Metadata
Compilation timestamp:
5/30/2014 9:39:05 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
196608:n+uac91C9ODO7cxYwHE4NXomuc5CahwTbLnmID8:7ac91lBYwHEOoK5CSwTfmI

Entry address:
0x10B5

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 0F, 84, 55, EF, 14, 00, 5D, 90, 90, 90, 90, 90, 6A, 2C, 68, 90, 11, 00, 10, E8, 2A, FF, FF, FF, C7, 45, E4, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 0F, 86, 92, 0F, 15, 00, 83, 7D, 0C, 00, 0F, 84, 2C, D3, 15, 00, 8B, 45, 0C, 83, F8, 01, 74, 05, 83, F8, 02, 75, 34, A1, 04, FF, 55, 10, 85, C0, 0F, 85, D7, 79, 1C, 00, 83, 7D, E4, 00, 74, 5A, C7, 45, FC, 02, 00, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 31, FF, FF, FF, 89, 45, E4, 89, 75, FC, 83, 7D...

Code size:
5.3 MB (5,605,376 bytes)

Internet Explorer ActiveX Object
CLSID:
{7057e952-bd1b-11d1-8919-00c04fc2c836}

CLSID name:
Microsoft DocHost User Interface Handler


Internet Explorer URL Search Hook
CLSID:
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

CLSID name:
Microsoft Url Search Hook


Internet Explorer Web Browser
Name:
{F2CF5485-4E02-4F68-819C-B92DE9277049}


Shell Execute Hook
Name:
{FBF23B40-E3F0-101B-8488-00AA003E56F8}


Shell Open Command
Open type:
InternetShortcut

Command:
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",openurl %l


The file ieframe.dll has been seen being distributed by the following URL.

ftp://172.16.7.125/ieframe.dll