ie4uinit.exe
- File Path:
C:\Windows\system32\ie4uinit.exe - Description: IE Per-User Initialization Utility
Hashes
| Type | Hash |
|---|---|
| MD5 | A52B135E1865F98C90BF23B3807E51C0 |
| SHA1 | BF142E7FA17591BAF7D97E342781C8BCA8545C63 |
| SHA256 | 46A3D721ADB36114A5141E5795E4DFC02644FDF8F6C602BCCFDC057784F29DB0 |
| SHA384 | 5AA92BCDD9D69BC129DE2444F3CEDCBE9F9E548C0238A7112B83BC87EF120123F60A7BA228F9C5301D04AAF76617B6A5 |
| SHA512 | E97A8803B343677A15D2F84E161AA0A2C1C424FC973E933273768C5EB9F21C354F506AF396879C4B59145CFF83E28F0636446A11AB61A240AE36335DC47584E2 |
| SSDEEP | 6144:2wFUGsVC9US0r+ELOC2esAfxd4beLQ+V5h6X:2wuhVw01OCtfz4bexy |
| IMP | B898E7CB8AA65CE3FA6187EE093D7F6B |
| PESHA1 | 5F223F5350D78F32C311B521A04233DF8966A9D9 |
| PE256 | 12C51A253AD15B14BA64730360801B3A1D5DCF8DCB82C9C9ACA996852D2692DB |
Runtime Data
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\System32\en-US\ie4uinit.exe.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit–help.log | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1518_none_6d08fefc59f73326 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\windows_shell_global_counters | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\bcrypt.dll |
| C:\Windows\System32\bcryptPrimitives.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\CRYPT32.dll |
| C:\Windows\system32\CRYPTBASE.DLL |
| C:\Windows\System32\cryptsp.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\system32\ie4uinit.exe |
| C:\Windows\system32\IEADVPACK.dll |
| C:\Windows\system32\iedkcs32.dll |
| C:\Windows\system32\iertutil.dll |
| C:\Windows\System32\kernel.appcore.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\system32\MLANG.dll |
| C:\Windows\System32\MSASN1.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\system32\NETAPI32.dll |
| C:\Windows\system32\netutils.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\ole32.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\System32\powrprof.dll |
| C:\Windows\System32\profapi.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\SETUPAPI.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\SHELL32.dll |
| C:\Windows\System32\shlwapi.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\system32\urlmon.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\system32\VERSION.dll |
| C:\Windows\System32\win32u.dll |
| C:\Windows\System32\windows.storage.dll |
| C:\Windows\system32\WININET.dll |
| C:\Windows\system32\wkscli.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1518_none_6d08fefc59f73326\COMCTL32.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: IE4UINIT.EXE.MUI
- Product Name: Internet Explorer
- Company Name: Microsoft Corporation
- File Version: 11.00.17763.1 (WinBuild.160101.0800)
- Product Version: 11.00.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/46a3d721adb36114a5141e5795e4dfc02644fdf8f6c602bccfdc057784f29db0/detection/
Possible Misuse
The following table contains possible examples of ie4uinit.exe being misused. While ie4uinit.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| LOLBAS | Ie4uinit.yml | Name: Ie4uinit.exe |
|
| LOLBAS | Ie4uinit.yml | - Command: ie4uinit.exe -BaseSettings |
|
| LOLBAS | Ie4uinit.yml | Description: Executes commands from a specially prepared ie4uinit.inf file. |
|
| LOLBAS | Ie4uinit.yml | - Path: c:\windows\system32\ie4uinit.exe |
|
| LOLBAS | Ie4uinit.yml | - Path: c:\windows\sysWOW64\ie4uinit.exe |
|
| LOLBAS | Ie4uinit.yml | - IOC: ie4uinit.exe copied outside of %windir% |
|
| LOLBAS | Ie4uinit.yml | - IOC: ie4uinit.exe loading an inf file (ieuinit.inf) from outside %windir% |
|
| malware-ioc | nukesped_lazarus | .IE4UINIT.exe``{:.highlight .language-cmhg} |
© ESET 2014-2018 |
MIT License. Copyright (c) 2020-2021 Strontic.