iexplore.exe

Internet Explorer

Microsoft Corporation

This is the primary executable and GUI (graphical user interface) for the Internet Explorer web browser. It runs as a scheduled task under the Windows Task Scheduler. It is installed with multiple programs, including Windows Internet Explorer 8. The file has been seen being downloaded from sa5epq.by3301.livefilestore.com.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Internet Explorer

 
Part of the Windows Operating System

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
c8a8321292a459b0a17fb39a782a5c74

SHA-1:
ef08e68af5b52c468a905a016ddbfb7c5b0a62e6

SHA-256:
a214e3b654bcb6e6142e101b0e89081d44a3a634afa94dc0a620467335b7beb2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/16/2024 3:53:48 PM UTC  (today)

File size:
787.2 KB (806,096 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
IEXPLORE.EXE.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\internet explorer\iexplore.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/24/2013 5:33:39 PM

Valid to:
4/24/2014 6:33:39 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
10/13/2013 11:34:36 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:sw0z6T6GLbMMHMMMvMMZMMMKzb6XmMMMiMMMz8JMMHMMM6MMZMMMeXNMMzMMMUMu:sMMMHMMMvMMZMMMlmMMMiMMMYJMMHMMH

Entry address:
0x1E65

Entry point:
E8, 0A, 00, 00, 00, E9, 59, FA, FF, FF, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 83, EC, 14, 83, 65, F4, 00, 83, 65, F8, 00, A1, B8, 51, 40, 00, 56, 57, BF, 4E, E6, 40, BB, BE, 00, 00, FF, FF, 3B, C7, 0F, 84, 6E, 08, 00, 00, 85, C6, 0F, 84, 66, 08, 00, 00, F7, D0, A3, 84, 50, 40, 00, 5F, 5E, 8B, E5, 5D, C3, C7, 45, E0, 01, 00, 00, 00, 8D, 80, 02, 00, 40, 00, E9, 11, F7, FF, FF, 8B, CF, E8, F8, 26, 00, 00, E9, 63, F7, FF, FF, 90, 90, 90, 90, 90, 8B, C0, 51, 52, 50, 68, 10, 46, 40, 00, E8, 41, F6, FF, FF, 5A...
 

Entropy:
6.5051

Code size:
14.5 KB (14,848 bytes)

5 Scheduled Tasks
Task name:
0

Trigger:
Registration (Runs on registration)

Task name:
Task_ShellExecuteAs

Trigger:
Registration (Runs on registration)

Task name:
Apply Account Tickets

Path:
\GFB\Apply Account Tickets

Trigger:
Weekly (Runs weekly on Tuesdays at 4:10 PM)

Task name:
Push Marking FX Rates

Path:
\GFB\Push Marking FX Rates

Trigger:
Weekly (Runs weekly on Tuesdays at 4:04 PM)

Task name:
Push Marking Prices

Path:
\GFB\Push Marking Prices

Trigger:
Weekly (Runs weekly on Tuesdays at 4:05 PM)


10 Shell Open Commands
Open type:
xmlfile

Command:
"C:\Program Files\internet explorer\iexplore.exe" -nohome

Open type:
giffile

Command:
"C:\Program Files\internet explorer\iexplore.exe" %1

Open type:
htmlfile

Command:
"C:\Program Files\internet explorer\iexplore.exe" %1

Open type:
mhtmlfile

Command:
"C:\Program Files\internet explorer\iexplore.exe" %1

Open type:
ftp

Command:
"C:\Program Files\internet explorer\iexplore.exe" %1

Open type:
http

Command:
"C:\Program Files\internet explorer\iexplore.exe" %1


User Start Menu Item
Name:
iexplore.exe


Windows Firewall Allowed Program
Name:
C:\Program Files (x86)\Internet Explorer\iexplore.exe


The file iexplore.exe has been discovered within the following programs.

SpeedMon  by SpeedMon
Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware, which is typically bundled with third-party applications in unwanted software bundles, will hijack the user's browser (Internet Explorer, Chrome and Firefox) and display unwanted ads.
83% remove it
Windows Internet Explorer 8  by Microsoft Corporation
Windows IE8 (Internet Explorer 8) is a web browser from Microsoft. IE8 contains many new features, including WebSlices and Accelerators (Accelerators are a form of selection-based search that allows a user to invoke an online service from any other page using only the mouse).
www.microsoft.com/ie
5% remove it
 

The file iexplore.exe has been seen being distributed by the following URL.