m2bob.exe

Windows Explorer

Ymir Entertainment Co., Ltd

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the metadata is designed to make the file look like a legitimate Microsoft system file. The executable m2bob.exe has been detected as malware by 4 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed by Ymir Entertainment Co., Ltd)

Product:
Microsoft® Windows® Operating System

Description:
Windows Explorer

Version:
6.3.9600.16384

MD5:
8567d9a5251d3be48ec0e8dfcefc7d9c

SHA-1:
6fd8c9ddf3ebe4c682d67896dcc49fd3d4258cbc

SHA-256:
d0ac3f5b24df6e39441e9927d1b90048ab07619986da375b38c07edf70af2b40

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/25/2024 5:28:03 AM UTC

Scan engine          Detection                Engine version
avast!               Win32:Malware-gen        2014.9-141008
F-Prot               W32/Veil-MSBP-based      v6.4.7.1.166
McAfee               Artemis!8567D9A5251D     5600.6984
Qihoo 360 Security   HEUR/Malware.QVM18.Gen   1.0.0.1015

File size:
2.5 MB (2,631,168 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
EXPLORER.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\m2bob - version 3.6.2\m2bob.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/6/2012 3:00:00 AM

Valid to:
8/6/2014 2:59:59 AM

Subject:
CN="Ymir Entertainment Co., Ltd", O="Ymir Entertainment Co., Ltd", L=GyangNam-Gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
40DB0889DC1AE4DCB8A753D60220CAB8

File PE Metadata
Compilation timestamp:
6/25/2014 9:52:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:ValiZ9lfDJy1usSPIgt3ZSZ7HKUwqXjnJYf0nto2TmS/O3bL:jfDsu5Pd4Z7/wq+f0nL9O

Entry address:
0x1108FA

Entry point:
E8, 61, 00, 00, 00, E9, 79, FE, FF, FF, 68, 60, BB, 44, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, CC, 6E, 46, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, 83, C4, 04, E9, EC, 3F, 6C, 00, 41, C8, 75, A5, E7, 7F, 9E, 25, 81, 76, 3A, 4A, E1, 51, DE, 00, C1, A6...
 

Code size:
3.6 MB (3,764,224 bytes)
