explorer.exe

RecA

The executable explorer.exe has been detected as malware by 1 anti-virus scanner. Although this file uses the name explorer.exe, this is NOT the File Explorer program distributed with the Windows OS that is found in C:\Windows.
Publisher:
RecA  (signed and verified)

MD5:
b603a46309ce86313c0289046687536f

SHA-1:
35adce0aa1300ab54eb177da1b58b13436163954

SHA-256:
e7138efee259048fb6d38ae64e721ebec8581940e87b2934116e68e44af12a08

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 6:02:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.25.12

File size:
721.4 KB (738,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\explorer.exe

Digital Signature
Signed by:

Authority:
RecA

Valid from:
7/2/2016 11:12:39 PM

Valid to:
7/3/2026 11:12:39 PM

Subject:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Issuer:
E=owner@reca.net, CN=www.reca.net, OU=Support Dept, O=RecA, L=Cologne, S=Sortil, C=DE

Serial number:
008FE7E51E617A60CF

File PE Metadata
Compilation timestamp:
7/4/2016 9:46:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:YhhzwcW+QMOSo7268cMBi7aaDKKX7pyOl4NAdoNCUqsKV/NQR4pNY5A:4wx/+o7tMva2Or6PNjYQRn5A

Entry address:
0xB1E3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8866

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
704 KB (720,896 bytes)

Remove explorer.exe - Powered by Reason Core Security