df92e0263945bcc04b8eaaedc34925e0.pe

Windows Explorer

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The file df92e0263945bcc04b8eaaedc34925e0.pe has been detected as malware by 40 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Windows Explorer

Version:
8.1.5353.17671 (win7sp1_rtm.101119-1850)

MD5:
df92e0263945bcc04b8eaaedc34925e0

SHA-1:
37ef0937c5c3f244e9c49ca2ce65d1539b84fcce

SHA-256:
0751fada610cfbe7a461179784cd548161cedf1a929d3ef91dda27ab8eda77a7

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/25/2024 2:30:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Generic.Malware.SFYd.3AEA267F | 658 |
| Agnitum Outpost | Trojan.Comrerop | 7.1.1 |
| AhnLab V3 Security | Win32/Tinfo | 2015.04.18 |
| Avira AntiVirus | TR/Downloader.Gen | 3.6.1.96 |
| avast! | Win32:Downloader-EMH [Trj] | 2014.9-150418 |
| AVG | Agent.7.T | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Agent2 | 4.0.3.15418 |
| Bitdefender | Dropped:Generic.Malware.SFYd.3AEA267F | 1.0.20.540 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.Comrerop.A | 21802 |
| Dr.Web | Win32.HLLW.Autoruner1.26246 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Dropped:Generic.Malware.SFYd.3AEA267F | 8.15.04.18.08 |
| ESET NOD32 | Win32/Comrerop | 9.11492 |
| Fortinet FortiGate | W32/Comrerop.AP!tr | 4/18/2015 |
| F-Prot | W32/Heuristic-KPP | v6.4.7.1.166 |
| F-Secure | Dropped:Generic.Malware.SFYd.3AEA267F | 11.2015-18-04_7 |
| G Data | Dropped:Generic.Malware.SFYd.3AEA267F | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.19.21 |
| IKARUS anti.virus | Backdoor.Win32.Vercuser | t3scan.1.8.9.0 |
| K7 AntiVirus | EmailWorm | 13.202.15636 |
| Kaspersky | Trojan.Win32.Agent2 | 14.0.0.2173 |
| McAfee | Trojan-FEXI!DF92E0263945 | 5600.6792 |
| Microsoft Security Essentials | Virus:Win32/Capsfin.A | 1.1.11502.0 |
| MicroWorld eScan | Dropped:Generic.Malware.SFYd.3AEA267F | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Autorunner.bemdrp | 0.30.16.1110 |
| Norman | Malware | 11.20150418 |
| nProtect | Trojan/W32.Agent.437760.CV | 15.04.17.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.18.08 |
| Qihoo 360 Security | Win32/Trojan.588 | 1.0.0.1015 |
| Quick Heal | W32.Swisyn.A | 4.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.18.4 |
| Rising Antivirus | PE:Virus.Comrerop!1.6748 | 23.00.65.15416 |
| Sophos | W32/Capsfin-A | 4.98 |
| Total Defense | Win32/Capsfin.A | 37.0.11554 |
| Trend Micro House Call | TROJ_SPNV.01GA14 | 7.2.108 |
| Trend Micro | TROJ_SPNV.01GA14 | 10.465.18 |
| Vba32 AntiVirus | Trojan.Genome.ag | 3.12.26.3 |
| VIPRE Antivirus | BehavesLike.Win32.Malware.bsf (vs) | 39434 |
| ViRobot | Win32.Capsfin.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Agent2.Win32.31149 | 2.0.0.2142 |

File size:
427.5 KB (437,760 bytes)

Product version:
8.1.5353.17671

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
EXPLORER.EXE

Language:
English (United States)

Common path:
C:\users\{user}\downloads\df92e0263945bcc04b8eaaedc34925e0.pe

File PE Metadata
Compilation timestamp:
7/14/2012 5:35:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4jDKwxpggbKJViqWyvCIe6s0sn7pP+d6yqGU3EHQTBWZqJ5jeCJCMS+z:WqgWJwZypeOK7pmtqGU6QTBSqJ59dP

Entry address:
0xD65F1

Entry point:
E8, 06, 2F, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 56, 6A, 01, 68, 74, 0C, 4E, 00, 8B, F1, E8, D9, 2F, 00, 00, C7, 06, 1C, E1, 4D, 00, 8B, C6, 5E, C3, C7, 01, 1C, E1, 4D, 00, E9, 3E, 30, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, E1, 4D, 00, E8, 2B, 30, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 8A, 00, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, AA, 2F, 00, 00, C7, 06, 1C, E1, 4D, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 0C, EB, 0D, FF, 75...

Entropy:
7.5255

Code size:
570.5 KB (584,192 bytes)
