GridinSoft Threat Intelligence
r2win.exe threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Hijack.Explorer. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Hijack.Explorer
- Recommended action
- Scan and remove
- Last analysis
- 2024-04-17 23:01:06 (2 years ago)
- File hash
- d7e005233dc1ea901dbc8b01048e1896
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Hijack.Explorer, part of the Hijack threat category.
Browser, shortcut, proxy, or system-setting changes that redirect user activity. Related Hijack reports help compare this file with nearby detections, publishers, and hashes.
First seen 2024-04-17 23:01:05 (2 years ago); latest analysis 2024-04-17 23:01:06 (2 years ago).
Company metadata: WRQ, Inc.. Product metadata: Reflection for UNIX and Digital.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Hijack category for related samples and common context.
File context
r2win.exe is a Windows file recorded in the ThreatInfo database. It is associated with Reflection for UNIX and Digital. The reported company name is WRQ, Inc.. The current detection status is Hijack.Explorer, based on the latest analysis from 2024-04-17 23:01:06 (2 years ago). ThreatInfo groups this verdict with Hijack reports for broader family-level investigation.
If r2win.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Hijack.Explorer.
File Details
| Product Name: | Reflection for UNIX and Digital |
| Company Name: | WRQ, Inc. |
| MD5: | d7e005233dc1ea901dbc8b01048e1896 |
| Size: | 2 MB |
| First Published: | 2024-04-17 23:01:05 (2 years ago) |
| Latest Published: | 2024-04-17 23:01:06 (2 years ago) |
| Status: | Hijack.Explorer (on last analysis) | |
| Analysis Date: | 2024-04-17 23:01:06 (2 years ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %programfiles% |
ThreatInfo has observed r2win.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen r2win.exe across 1 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Mexico with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for r2win.exe is Windows 7 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
r2win.exe is identified as pe for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
d73e6d6dcd8d966552ef4e7409d39133
fdb25f623c82574c82c294ddad74379a
beafbc5f49b90361c2cdcfbcd5a4e4bd
15a0bac623e2c50355150c4731278570
196b1f0d32fdd6cc028b01c236cfa8bd
57ce4ed62f73593390fe3bffd734fba6
7ee63c11e0af6f508c949d1e3bd5019f
833d93492f7084370f3685c7689cfb7c
23131b22ac1bf11e6cbe89d869b0d7e8
64b86f56423cf10177fc61109ae71056
edffc9bc5629da532a844aa50618f818
4c5334a73fe22f2592ee67b5374643c4
cdf08706d8505b32c38925256f8acb42
efb3e099337c5d8d83576f666b0fc287
c4461ea19a3d56a078d6ec5524b6d6c3
0332734b44a2047e06675147eb75994e
39d248305cc3ad44304c438f06cd6727
fbbdab9e76eb6a26138dbe06561d4f35
b174d37c26404688ba07f546499d0439
9efe24e563976113cafe7f524d3132e9
fa360effb3d4cec366388f48cafb88a9
3cdb1ee08f80b18ae6cc068377218703
10ba20ea248f08612ccaaa6cd70221c7
dc77e533570fd143ad3636aeb43e5c1c
1faf48be991cf7fc708c9506005bee56
002b92538fdeb70b585810ab16807f39
4db49fb16fbeac54027ff4c3aac63a8a
abd4e329094b7343ba1618aa4b915819
050a9f61204722afbe91cbc9e161ee9d
2c3a5dbe36a156486c9ee42df9934290
a6ea28089c22c49206940d01ded3c2a3
871ea89d162984b47ec1eee859dd4480
fe9afab57bc193d8de92f0496d59fdd1
064b7362aa8e4df61486a829166e6138
93e3d6df5b1919ba0305ff9af3e4ce51
dac257d5a2824770748560f2b522fb65
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Hijack.Explorer
This report identifies r2win.exe by MD5 d7e005233dc1ea901dbc8b01048e1896. It is part of the Hijack report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.