How to remove explorer32.exe
The module explorer32.exe has been detected as Trojan.CoinMiner
File Details
MD5: 3afeb8e9af02a33ff71bf2f6751cae3a
Size: 1 MB
First Published: 2017-05-21 03:01:57 (7 years ago)
Latest Published: 2024-09-07 23:01:53 (5 days ago)
Status: Trojan.CoinMiner (on last analysis)
Analysis Date: 2024-09-07 23:01:53 (5 days ago)
Windows 7: 62.3%
Windows 10: 11.5%
Windows XP: 6.0%
Windows 8.1: 5.5%
Windows Server 2012 R2: 4.2%
Windows Server 2003: 3.7%
Windows 8: 3.2%
Windows Server 2008 R2: 2.5%
Windows Vista: 0.6%
Windows Server 2012: 0.2%
Windows MultiPoint Server 2011: 0.1%
Windows Embedded 8.1: 0.1%
Analysis
Subsystem: Windows CUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x0024f455

| Name | Size of data | MD5 |
| --- | --- | --- |
| .text | 0 | 00000000000000000000000000000000 |
| .rdata | 0 | 00000000000000000000000000000000 |
| .data | 0 | 00000000000000000000000000000000 |
| .tls | 512 | bf619eac0cdf3f68d496ea9344137e8b |
| .vmp0 | 0 | 00000000000000000000000000000000 |
| .vmp1 | 1430528 | 9aba7267658e1a6c1d2226393624d5d5 |
| .reloc | 512 | 5eebc6a8d4e8052230a730510e7f3ed7 |
| .rsrc | 1024 | 459abb11772f115c47c1a2afc27e2802 |