Windows Explorer.exe

Windows Explorer

It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Windows Explorer’.
Product:
Windows Explorer

Version:
1.0.0.0

MD5:
e7a8a67c7f282c283e44ce57f39226ad

SHA-1:
cea931bface9c1c3891f3cbab7663a47470fa539

SHA-256:
3fcbccf6a61bdf3a9418bf1dd72778fb9fc6d63c0c51f95ac782101c8a5372d5

Scanner detections:
3 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/18/2024 7:10:39 PM UTC

Scan engine           Detection                                   Engine version
Baidu Antivirus       Win32.Trojan.WisdomEyes.16070401.9500       4.0.3.17123
ESET NOD32            MSIL/Flooder.Agent.CG (variant)             11.14807
Qihoo 360 Security    HEUR/QVM03.0.0000.Malware.Gen               1.0.0.1120

File size:
37 KB (37,888 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2017

Original file name:
Windows Explorer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\windows explorer.exe

File PE Metadata
Compilation timestamp:
1/21/2017 7:38:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

Entry address:
0xA9BA

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
34.5 KB (35,328 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Explorer

Command:
C:\windows\windows explorer.exe


The executing file has been seen to make the following network communications in live environments.

Scan Windows Explorer.exe - Powered by Reason Core Security