ieinstal.exe

  • File Path: C:\Program Files\Internet Explorer\ieinstal.exe
  • Description: Internet Explorer Add-on Installer

Hashes

Type Hash
MD5 C9EDD394EB4D0996EE43CB67563DF50C
SHA1 6888A6B34A6B2BDAC0096A453C4E6F8D10E810F3
SHA256 CC57D54C0D17F5E786A75BC28CE2133499672FE378B6F62C8117F2F0C191E932
SHA384 90D1A7AD611EFE5AE0DD4859BD7C81B1E6CFDBC927726AA50B6C4674D31CA18898CFD2160DE0799ED678382347668A13
SHA512 EAABC79B810EDCB7EC0C99011EB0F87F8B45C7EA3CEA17A7C2BEE4BBB4C9E811040977415936CC45DE8ADFCEA1F2367B72AC17812D510172954641D5899B97D2
SSDEEP 6144:XXR616NN5sBwNw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKw:XXRtRF+5OLpdNIrd4Ds5OLpdNIrd4D
IMP 43888707B850F333D1AE381CCB89FF5F
PESHA1 002381E229DFCBC3A0280480A42E4ECF46AD7342
PE256 6F3F8E56A3D1A2697247C2DEEDEDDA72FD68F6E114CA023B13F76558C29FE754

Runtime Data

Loaded Modules:

Path
C:\Program Files\Internet Explorer\ieinstal.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ieinstal.exe.mui
  • Product Name: Internet Explorer
  • Company Name: Microsoft Corporation
  • File Version: 11.00.19041.1 (WinBuild.160101.0800)
  • Product Version: 11.00.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/cc57d54c0d17f5e786a75bc28ce2133499672fe378b6f62c8117f2f0c191e932/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Internet Explorer\ieinstal.exe 83
C:\Program Files (x86)\Internet Explorer\ieinstal.exe 80
C:\Program Files (x86)\Internet Explorer\ielowutil.exe 57
C:\Program Files (x86)\Internet Explorer\ielowutil.exe 55
C:\Program Files\internet explorer\ieinstal.exe 82
C:\Program Files\internet explorer\ielowutil.exe 54
C:\Program Files\Internet Explorer\ielowutil.exe 54

Possible Misuse

The following table contains possible examples of ieinstal.exe being misused. While ieinstal.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma file_event_win_uac_bypass_ieinstal.yml title: UAC Bypass Using IEInstal - File DRL 1.0
sigma file_event_win_uac_bypass_ieinstal.yml description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) DRL 1.0
sigma file_event_win_uac_bypass_ieinstal.yml Image: 'C:\Program Files\Internet Explorer\IEInstal.exe' DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml title: UAC Bypass Using IEInstal - Process DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml description: Detects the pattern of UAC Bypass using IEInstal.exe (UACMe 64) DRL 1.0
sigma proc_creation_win_uac_bypass_ieinstal.yml ParentImage|endswith: '\ieinstal.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.