explorer.exe

The executable explorer.exe has been detected as malware by 36 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘08f4dc96bbb7af09d1a37fe35c75a42f’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information. Although this file uses the name explorer.exe, it is NOT the File Explorer program distributed with the Windows OS, which is found in C:\Windows.
MD5: c7e1af1c61e60ab03509fd12850eeee4

SHA-1: b6d30da78377f4e7ad9304385cdaadf65a711d4d

SHA-256: 391ef7d1290546397d1bd2be5fc38edafbaf5500c9763850cab4f39b11ca98b6

Scanner detections: 36 / 68

Status: Malware

Analysis date: 4/28/2024 9:49:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSIL.Bladabindi.2 | -40 |
| AegisLab AV Signature | Troj.W32.Gen.lu1m | 2.1.4+ |
| AhnLab V3 Security | Win-Trojan/Bladabindi.Gen | 2016.06.07 |
| Avira AntiVirus | TR/Spy.Gen8 | 8.3.3.4 |
| Arcabit | Trojan.MSIL.Bladabindi.2 | 1.0.0.696 |
| avast! | MSIL:Agent-ANE [Trj] | 2014.9-170315 |
| AVG | MSIL | 2018.0.2438 |
| Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.17315 |
| Bitdefender | Gen:Variant.MSIL.Bladabindi.2 | 1.0.20.370 |
| Clam AntiVirus | Win.Trojan.Jaktinier-1 | 0.98/21511 |
| Comodo Security | TrojWare.MSIL.Bladabindi.O | 25178 |
| Dr.Web | Trojan.DownLoader15.61290 | 9.0.1.074 |
| Emsisoft Anti-Malware | Gen:Variant.MSIL.Bladabindi | 8.17.03.15.11 |
| ESET NOD32 | MSIL/Bladabindi.AH (variant) | 11.13602 |
| Fortinet FortiGate | MSIL/Agent.PPB!tr | 3/15/2017 |
| F-Prot | W32/MSIL_Troj.AP.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.MSIL.Bladabindi.2 | 11.2017-15-03_4 |
| G Data | Gen:Variant.MSIL.Bladabindi | 17.3.25 |
| IKARUS anti.virus | Trojan.Agent | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.227.19827 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1315 |
| Malwarebytes | Backdoor.Bot.MSIL | v2017.03.15.11 |
| McAfee | BackDoor-NJRat!C7E1AF1C61E6 | 5600.6094 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AA | 1.1.12805.0 |
| MicroWorld eScan | Gen:Variant.MSIL.Bladabindi.2 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.Bladabindi.dztryq | 1.0.30.8482 |
| Panda Antivirus | Trj/GdSda.A | 17.03.15.11 |
| Qihoo 360 Security | Win32/Trojan.Spy.155 | 1.0.0.1120 |
| Quick Heal | Backdoor.Bladabindi.AA3 | 3.17.14.00 |
| Rising Antivirus | Backdoor.MSIL.Bladabindi!1.9DE6 | 23.00.65.17313 |
| Sophos | Mal/MSIL-FE | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-MSIL | 8533 |
| Trend Micro House Call | BKDR_BLADABI.SMB | 7.2.74 |
| Trend Micro | BKDR_BLADABI.SMB | 10.465.15 |
| VIPRE Antivirus | Trojan.MSIL.Bladabindi.be | 49918 |
| Zillya! Antivirus | Trojan.Bladabindi.Win32.826 | 2.0.0.2907 |

File size: 43.5 KB (44,544 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\explorer.exe

File PE Metadata
Compilation timestamp: 6/2/2016 9:25:29 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

.NET CLR dependent: Yes

Entry address: 0xC47E


Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 41.5 KB (42,496 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name: 08f4dc96bbb7af09d1a37fe35c75a42f

Command: "C:\users\{user}\appdata\local\temp\explorer.exe"..
