IEXPLORE.EXE

Windows Internet Explorer

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case; the file is designed to look like a legitimate Microsoft system file. The executable IEXPLORE.EXE (“Internet Explorer”) has been detected as malware by 2 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘ptrjfkqokyuy’.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows® Internet Explorer

Description:
Internet Explorer

Version:
10.00.9200.17568 (win8_gdr.151106-1757)

MD5:
5e171c696d22ca6a3b724e0732ebd702

SHA-1:
06d103443cf09c83ef862ff645c7d24b54727e5f

SHA-256:
d3d70638e351a3ea6227ff1b111552cc655b33364381fa84749c43b4ac85a5c6

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/1/2025 8:24:06 PM UTC

Scan engine    Detection                 Engine version
ESET NOD32     Win32/Agent.YRB trojan    6.3.12010.0
F-Secure       Variant.Graftor.350450    5.16.24

File size:
388 KB (397,312 bytes)

Product version:
10.00.9200.17568

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
IEXPLORE.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\luisalberto\ptrjfkqokyuy\iexplore.exe

File PE Metadata
Compilation timestamp:
3/14/2017 8:15:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2416C

Entry point:
E8, 6D, 05, 00, 00, E9, 69, FE, FF, FF, 3B, 0D, 64, 1A, 46, 00, F2, 75, 02, F2, C3, F2, E9, FC, 06, 00, 00, FF, 25, A4, 73, 42, 00, 55, 8B, EC, 83, 61, 04, 00, 83, 61, 08, 00, 8B, 45, 08, 89, 41, 04, 8B, C1, C7, 01, A4, 7B, 42, 00, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 98, 48, FF, FF, C7, 06, A4, 7B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, AC, 7B, 42, 00, C7, 01, A4, 7B, 42, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 65, 48, FF, FF, C7...
 

Entropy:
6.7787

Code size:
148.5 KB (152,064 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ptrjfkqokyuy

Command:
"C:\users\luisalberto\ptrjfkqokyuy\iexplore.exe" mlzoqeutiybxxn

