ieinstal.exe

  • File Path: C:\Program Files\internet explorer\ieinstal.exe
  • Description: Internet Explorer Add-on Installer

Hashes

| Type | Hash |
|------|------|
| MD5 | 58646B0C0417C0E01BECB6C922C0C10A |
| SHA1 | 1B258676756A6594722C0C4F476A59F2E1B86646 |
| SHA256 | A57B027F6619281B920503C26A30FA3DAEFC874BE3FC31257F63106F7A434643 |
| SHA384 | D10D12BEED7FE277640B741A40C330182D1A2228B6A2B807C803090F1924AB8C46EB4BF34CFD5E2DC75C50A3D602B30D |
| SHA512 | AA996AE19DA13FCDAA1F36D5B82A9A03AC793BE1726650D5771CD9319473C9FD0D2208A9AC42D19F23B1B12AB1604EF241ED4A6A7EEB4226075673C44E94BF93 |
| SSDEEP | 6144:ecaYwZJs+DsBwfw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKw:ecaN6EFI5OLpdNIrd4Ds5OLpdNIrd4D |
| IMP | C5AC1A1FE6C548914C7DBCC2BC5DB3A9 |
| PESHA1 | BFF30A00A8BABFFD75140CA3AA8B9B38AA7AC840 |
| PE256 | A077071369588656288A719F45ED975FD2821FA4F811A468D68F2291E56E76D5 |

Runtime Data

Loaded Modules:

Path
C:\Program Files\internet explorer\ieinstal.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\SYSTEM32\AUTHZ.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\SYSTEM32\CRYPTBASE.DLL
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\SYSTEM32\iertutil.dll
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\shlwapi.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\urlmon.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\System32\WINTRUST.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ieinstal.exe.mui
  • Product Name: Internet Explorer
  • Company Name: Microsoft Corporation
  • File Version: 11.00.17763.1 (WinBuild.160101.0800)
  • Product Version: 11.00.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/a57b027f6619281b920503c26a30fa3daefc874be3fc31257f63106f7a434643/detection/

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Program Files (x86)\Internet Explorer\ieinstal.exe | 82 |
| C:\Program Files (x86)\Internet Explorer\ielowutil.exe | 55 |
| C:\Program Files\Internet Explorer\ieinstal.exe | 82 |
| C:\Program Files\internet explorer\ielowutil.exe | 54 |
| C:\Program Files\Internet Explorer\ielowutil.exe | 54 |

Possible Misuse

The following table contains possible examples of ieinstal.exe being misused. While ieinstal.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | file_event_win_uac_bypass_ieinstal.yml | title: UAC Bypass Using IEInstal - File | DRL 1.0 |
| sigma | file_event_win_uac_bypass_ieinstal.yml | description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) | DRL 1.0 |
| sigma | file_event_win_uac_bypass_ieinstal.yml | Image: 'C:\Program Files\Internet Explorer\IEInstal.exe' | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_ieinstal.yml | title: UAC Bypass Using IEInstal - Process | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_ieinstal.yml | description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_ieinstal.yml | ParentImage\|endswith: '\ieinstal.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.