Unless you have absolute certainty that this file came from a legitimate, internal, or legacy enterprise system (e.g., a custom corporate plugin for an old internal IE-only web app), do not execute it.
A: In the vast majority of cases found online today – yes. It is often a trojan or browser hijacker. No mainstream antivirus labels it as safe without a valid digital signature from a trusted publisher.
If the plugin is Microsoft-authored, you can find it on the Microsoft Update Catalog. Search for "KB" articles from 2012–2015 that include IE plugin updates.
A: No. These third-party download sites often wrap freeware in custom installers that bundle adware. Even if the original file was once legitimate, their repackaged version will likely include unwanted programs.