ieinstal.exe

  • File Path: C:\Program Files (x86)\Internet Explorer\ieinstal.exe
  • Description: Internet Explorer Add-on Installer

Hashes

Type Hash
MD5 22B06EAB26C89C0AD59071593442716E
SHA1 1DFE3E2B0BDAC0E4B8C62652D1749E0190058268
SHA256 AD5DCBE9F92C6DA4CA09226C93B570F918014D7FB596A7AE402459AB32EA3658
SHA384 5876754005614D54FF17C94B490074CCB4265732221341383E5F7213D6F149689930BE909C744199E48704796D22D4A3
SHA512 B7525FC23EF95F7F509F2C0558747497D7542E7385B01641AD2D24D41183EA567880848D9B9FB6ED13AD2F027ED3751203B23A64B9DB63E6FD7C49930A0C3CB2
SSDEEP 6144:WkzBUBwEw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKww:WkNdn5OLpdNIrd4Ds5OLpdNIrd4Dw
IMP 9F36C0AED915A5B7F4A6DB6667FCB4C6
PESHA1 AE23A867503593DE30E163B0A2F7A3ECCBA52A1D
PE256 D3E108BA141FB42BB59C6AEC4AE14B4CB924B1329CA8498088B6EBFABC2280B5

Runtime Data

Loaded Modules:

Path
C:\Program Files (x86)\Internet Explorer\ieinstal.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ieinstal.exe.mui
  • Product Name: Internet Explorer
  • Company Name: Microsoft Corporation
  • File Version: 11.00.17763.1 (WinBuild.160101.0800)
  • Product Version: 11.00.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/ad5dcbe9f92c6da4ca09226c93b570f918014d7fb596a7ae402459ab32ea3658/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Internet Explorer\ieinstal.exe 85
C:\Program Files (x86)\Internet Explorer\ielowutil.exe 60
C:\Program Files (x86)\Internet Explorer\ielowutil.exe 58
C:\Program Files\internet explorer\ieinstal.exe 82
C:\Program Files\Internet Explorer\ieinstal.exe 83
C:\Program Files\internet explorer\ielowutil.exe 57
C:\Program Files\Internet Explorer\ielowutil.exe 57

Possible Misuse

The following table contains possible examples of ieinstal.exe being misused. While ieinstal.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_uac_bypass_ieinstal.yml title: UAC Bypass Using IEInstal - File DRL 1.0
sigma file_event_win_uac_bypass_ieinstal.yml description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) DRL 1.0
sigma file_event_win_uac_bypass_ieinstal.yml Image: 'C:\Program Files\Internet Explorer\IEInstal.exe' DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml title: UAC Bypass Using IEInstal - Process DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml ParentImage\|endswith: '\ieinstal.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.