» shadowexplorer-0.9-setup.exe
Overview
Analysis
File Details
Downloads (1)

shadowexplorer-0.9-setup.exe

ShadowExplorer

ShadowExplorer.com

The executable shadowexplorer-0.9-setup.exe, “ShadowExplorer Setup ” has been detected as malware by 39 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from www.shadowexplorer.com.

File name:

Publisher:

ShadowExplorer.com

Product:

ShadowExplorer

Description:

ShadowExplorer Setup

Version:

0.9.462.0

MD5:

f980fede6af08a0b5cf24f20f3dd2143

SHA-1:

c19b5a37e2bf4b80605c7d61fd31ef57d6071813

SHA-256:

daa3fbcda48dbafb65cfa76b59cc75816c4679b4f0c236dd1e2edadde6d39137

Scanner detections:

39 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/15/2024 3:10:33 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Parite.B

5736213

Agnitum Outpost

Win32.Parite.B

7.1.1

AhnLab V3 Security

Win32/Parite

2015.10.19

Avira AntiVirus

W32/Parite

8.3.2.2

Arcabit

Win32.Parite.B

1.0.0.582

avast!

Parite

150913-1

AVG

Win32/Parite

2015.0.4435

Baidu Antivirus

Virus.Win32.Parite.$b

4.0.3.151019

Bitdefender

Win32.Parite.B

1.0.20.1460

Bkav FE

W32.HfsAutoB

1.3.0.7237

Clam AntiVirus

Heuristics.W32.Parite.B

0.98/20995

Comodo Security

Virus.Win32.Parite.gen

23440

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

10.0.0.5366

ESET NOD32

Win32/Parite.B virus

7.0.302.0

Fortinet FortiGate

W32/Parite.B

10/19/2015

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.14.151

G Data

Win32.Parite

15.10.25

IKARUS anti.virus

Virus.Parite

t3scan.1.9.5.0

K7 AntiVirus

Virus

13.211.17571

Kaspersky

Virus.Win32.Parite

15.0.0.543

McAfee

Virus.W32/Pate.b

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.207.3491.0

MicroWorld eScan

Win32.Parite.B

16.0.0.876

NANO AntiVirus

Virus.Win32.Parite.bgvo

0.30.26.3947

Norman

Win32.Parite.B

10.10.2015 03:41:45

nProtect

Virus/W32.Parite.C

15.10.16.01

Panda Antivirus

W32/Parite.B

15.10.19.12

Quick Heal

W32.Perite.A

10.15.14.00

Rising Antivirus

PE:Virus.Parite!1.9B80[F1]

23.00.65.151017

Sophos

Virus 'W32/Parite-B'

5.15

Total Defense

Win32/Pinfi.A

37.1.62.1

Trend Micro House Call

PE_PARITE.A

7.2.292

Trend Micro

PE_PARITE.A

10.465.19

Vba32 AntiVirus

Virus.Win32.Parite.b

3.12.26.4

VIPRE Antivirus

Threat.46249

43798

ViRobot

Win32.Parite.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Parite.Win32.9

2.0.0.2454

File size:

1.1 MB (1,147,862 bytes)

Product version:

0.9.462.0

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\shadowexplorer-0.9-setup.exe

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:S2Ur0y0WKVwBe22OAp+MP3Zu8+08NlE137GJzkwQI:S2vr+BleRnTm23QzkBI

Entry address:

0x55000

Entry point:

BB, F9, 42, 30, 00, 68, 1C, 50, 45, 00, 5A, 68, 98, 05, 00, 00, 5F, 90, 90, 31, 1C, 3A, 83, EF, 03, 4F, 90, 90, 75, F5, 90, 90, 11, 3F, 31, 00, F9, 42, 30, 00, F9, 42, 70, 00, A1, D8, 30, 00, 8C, 8E, 3E, 00, 2F, 91, 3E, 00, F9, F2, 32, 00, 06, BD, CF, FF, 4D, 92, 70, 00, 9D, 90, 70, 00, 85, 90, 70, 00, F9, 42, 30, 00, F9, 42, 30, 00, F9, 42, 30, 00, 4D, D8, 30, 00, 9B, 90, 30, 00, 83, 90, 30, 00, F9, 42, 30, 00, F9, 42, 30, 00, F9, 42, 30, 00, F9, 42, 30, 00, E5, 93, 70, 00, F9, 42, 30, 00, F9, 42, 30, 00... 
[+]

Code size:

36.5 KB (37,376 bytes)

The file shadowexplorer-0.9-setup.exe has been seen being distributed by the following URL.

http://www.shadowexplorer.com/.../ShadowExplorer-0.9-setup.exe

Remove shadowexplorer-0.9-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.