GridinSoft Threat Intelligence
explorer.exe threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as SuspCPUMiner. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- SuspCPUMiner
- Recommended action
- Scan and remove
- Last analysis
- 2026-05-23 20:00:45 (4 days ago)
- File hash
- c8d996f525347b9a25c617e355afe4ae
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as SuspCPUMiner, part of the Susp threat category.
Suspicious files with signals that require additional review before trust. Related Susp reports help compare this file with nearby detections, publishers, and hashes.
First seen 2026-05-16 20:00:15 (2 weeks ago); latest analysis 2026-05-23 20:00:45 (4 days ago).
Company metadata: Microsoft Corporation. Product metadata: Wine.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Susp category for related samples and common context.
File context
explorer.exe is a Windows file recorded in the ThreatInfo database. It is associated with Wine. The reported company name is Microsoft Corporation. The current detection status is SuspCPUMiner, based on the latest analysis from 2026-05-23 20:00:45 (4 days ago). ThreatInfo groups this verdict with Susp reports for broader family-level investigation.
If explorer.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as SuspCPUMiner.
File Details
| Product Name: | Wine |
| Company Name: | Microsoft Corporation |
| MD5: | c8d996f525347b9a25c617e355afe4ae |
| Size: | 947 KB |
| First Published: | 2026-05-16 20:00:15 (2 weeks ago) |
| Latest Published: | 2026-05-23 20:00:45 (4 days ago) |
| Status: | SuspCPUMiner (on last analysis) | |
| Analysis Date: | 2026-05-23 20:00:45 (4 days ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %system% |
ThreatInfo has observed explorer.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen explorer.exe across 1 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Guadeloupe with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for explorer.exe is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
explorer.exe is identified as pe for 64-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
5f0885cdefd2b19f644d3436fcb69424
70d015dbae65cc14e6462abdbf26a9a0
0da9b41f7990ef6f299789002d3005e1
53959b074af5222ce2b8a25a5427ea5f
8df00c32ee681bfdcf902801e8598b58
8d5ab24f531cea7295662aa977c61522
d41d8cd98f00b204e9800998ecf8427e
549c69564c9af0a1be9d8b32867c8058
0bab6fb87ff3f14b0848411f4310499c
c4a062060bcae65235141872a98e4524
d227f8da83825233b8fd98544b055b1d
356ac023a13dd3f26394c3f5eb0cb16d
0c42f5a892c8616a314373cdcd9bcc37
45f18d13cca11c7f02012f446a423858
c37bf3802a10031c4a48e225c93fe28b
029348722a52d6f47756ff078bdd45a8
3713ba892088d131a43c51395e4cfd47
04734d4d26f4f4446057a2100b3f25b5
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as SuspCPUMiner
This report identifies explorer.exe by MD5 c8d996f525347b9a25c617e355afe4ae. It is part of the Susp report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.