home

iexplore.exe

Windows Internet Explorer

Microsoft Corporation

This is the primary executable and GUI (graphical user interface) for the Internet Explorer web browser. This is a setup program which is used to install the application. It is included with Windows 7. The file has been seen being downloaded from email.t-online.de.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Windows® Internet Explorer

Description:
Internet Explorer

 
Part of the Windows 7 (for Internet Explorer 9) Operating System

Version:
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

MD5:
2d53c5f71653ef94e7829846405d4ed2

SHA-1:
6908f45714d56ca4d4040079992a01239a8d3946

SHA-256:
6dc5c704697cd1ad185b05290c68f89d25fdd6e8c3d2d0404bc80611c74aef83

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/16/2024 10:58:32 AM UTC  (today)

File size:
737.1 KB (754,824 bytes)

Product version:
9.00.8112.16421

Copyright:
© Microsoft Corporation. Todos os direitos reservados.

Original file name:
IEXPLORE.EXE.MUI

File type:
Executable application (Win64 EXE)

Language:
Portuguese (Portugal)

Common path:
C:\Program Files\internet explorer\iexplore.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/26/2012 9:50:41 PM

Valid to:
10/26/2013 9:50:41 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000088590E3C511FE26A67000100000088

File PE Metadata
Compilation timestamp:
8/24/2012 11:18:23 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:pd9G6DMzHMMHMMMyMMMZMMMVcR9bzOXmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMt:pnGLbMMHMMMvMMZMMMKzb6XmMMMiMMMO

Entry address:
0x2CE8

Entry point:
48, 83, EC, 28, E8, 13, 00, 00, 00, 48, 83, C4, 28, E9, 0E, EB, FF, FF, 00, 90, 90, 90, 90, 90, 90, 90, 90, 90, 48, 89, 5C, 24, 18, 57, 48, 83, EC, 20, 48, 8B, 05, FB, 7B, 00, 00, 48, 83, 64, 24, 30, 00, 48, BF, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 3B, C7, 74, 0C, 48, F7, D0, 48, 89, 05, 8C, 7C, 00, 00, EB, 76, 48, 8D, 4C, 24, 30, FF, 15, 3F, 34, 00, 00, 48, 8B, 5C, 24, 30, FF, 15, 3C, 34, 00, 00, 44, 8B, D8, 49, 33, DB, FF, 15, 38, 34, 00, 00, 44, 8B, D8, 49, 33, DB, FF, 15, 34, 34, 00, 00, 48, 8D, 4C, 24...
 
[+]

Code size:
18.5 KB (18,944 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\internet explorer\iexplore.exe" -nohome


The file iexplore.exe has been seen being distributed by the following URL.

https://email.t-online.de/.../index.php?ctl=download_attachment&p[msgid]=28224&p[folder]=INBOX&p[attachid]=2&p[hash]=&p[imapmimeid]=2&p[method]=view

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.