explorer.exe

Project1

The executable explorer.exe has been detected as malware by 1 of 68 anti-virus scanners. Although this file uses the name explorer.exe, it is NOT the File Explorer program shipped with the Windows OS, which resides in C:\Windows. While running, it connects to the Internet address 213.202.229.103.static.rdns-uclo.net on port 80 using the HTTP protocol.
Product:
Project1

Version:
1.00

MD5:
b6d3b925cf5cea5cf70ea7d6726fb5bd

SHA-1:
dce03624cab270f2bd84a4d2062670986d4014b1

SHA-256:
8cb1f87a606de78c668e4d792c267f36df7197de631138ce3e3e74bcb54fda1e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 3:41:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Proxy.WEX (M)

Engine version:
17.2.25.7

File size:
220.5 KB (225,776 bytes)

Product version:
1.00

Original file name:
TJprojMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\resources\themes\explorer.exe

File PE Metadata
Compilation timestamp:
4/1/2013 2:08:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x290C

Entry point:
FE, C4, C6, C4, E0, 68, 36, 12, 34, 00, 8A, D1, 89, F0, 86, FB, FE, C7, FF, C5, F6, C0, 36, F6, C6, C7, 81, C2, 80, 10, 00, 00, F3, 87, C0, 08, E7, 68, 91, 69, 0D, 00, 8A, CE, 0F, AF, F9, 80, C4, 9B, 3A, D9, FE, CC, 4B, E8, 2D, 00, 00, 00, 85, DB, 77, 02, 84, C0, 81, E5, 1B, 33, 10, B1, 20, EF, 89, DB, 8D, 3D, 27, 94, FB, 28, 84, C0, 8B, FB, 87, DD, 85, D3, 8D, 33, 0F, BE, F9, C7, C5, 98, F5, FC, 0E, 40, 8B, CE, F3, 85, CA, 78, 0B, 8D, 15, 3A, 42, 99, A1, 85, FF, F6, C2, 47, 88, D7, 4A, 8D, 0D, 16, 3A, C9...

Entropy:
7.0439

Code size:
104 KB (106,496 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Explorer

Command:
C:\windows\resources\themes\explorer.exe ro
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static-139-235-132-188.sadecehosting.net  (188.132.235.139:80)

TCP (HTTP):
Connects to fm.interiowo.pl  (217.74.66.160:80)

TCP (HTTP):
Connects to 213.202.229.103.static.rdns-uclo.net  (213.202.229.103:80)

Powered by Reason Core Security