SHA256: 9e364c4e7a172cf53473696b525f1b0b56525397c3761a545d7a4b9dc181c6c9
File name: IPSSVC
Detection ratio: 0 / 67
Analysis date: 2018-09-11 00:34:30 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180910
AegisLab 20180910
AhnLab-V3 20180910
Alibaba 20180713
ALYac 20180910
Antiy-AVL 20180911
Arcabit 20180910
Avast 20180910
Avast-Mobile 20180910
AVG 20180910
Avira (no cloud) 20180910
AVware 20180910
Babable 20180907
Baidu 20180910
BitDefender 20180910
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180910
CMC 20180910
Comodo 20180910
CrowdStrike Falcon (ML) 20180723
Cylance 20180911
Cyren 20180910
DrWeb 20180910
eGambit 20180911
Emsisoft 20180910
Endgame 20180730
ESET-NOD32 20180910
F-Prot 20180910
F-Secure 20180910
Fortinet 20180910
GData 20180910
Ikarus 20180910
Sophos ML 20180717
Jiangmin 20180910
K7AntiVirus 20180910
K7GW 20180910
Kaspersky 20180910
Kingsoft 20180911
Malwarebytes 20180910
MAX 20180911
McAfee 20180910
McAfee-GW-Edition 20180910
Microsoft 20180910
eScan 20180910
NANO-Antivirus 20180910
Palo Alto Networks (Known Signatures) 20180911
Panda 20180910
Qihoo-360 20180911
Rising 20180911
SentinelOne (Static ML) 20180830
Sophos AV 20180911
SUPERAntiSpyware 20180907
Symantec 20180910
Symantec Mobile Insight 20180905
TACHYON 20180910
Tencent 20180911
TheHacker 20180907
TotalDefense 20180910
TrendMicro 20180910
TrendMicro-HouseCall 20180910
Trustlook 20180911
VBA32 20180910
VIPRE 20180910
ViRobot 20180910
Webroot 20180911
Yandex 20180910
Zillya 20180910
ZoneAlarm by Check Point 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) Lenovo 2005
Product Away Manager
Original name IPSSVC.EXE
Internal name IPSSVC
File version 1, 0, 0, 0
Description IPS Core Service
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-11-15 09:19:30
Entry Point 0x0000399C
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
QueryServiceStatus
RegQueryValueExA
DeregisterEventSource
ControlService
RegisterEventSourceA
DeleteService
RegOpenKeyExA
OpenSCManagerA
ReportEventA
RegisterServiceCtrlHandlerA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrlenA
WaitForSingleObject
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetFileType
SetConsoleCtrlHandler
LocalAlloc
lstrcatA
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetCurrentProcess
ResetEvent
GetACP
HeapReAlloc
GetStringTypeW
WaitForMultipleObjects
SetEvent
LocalFree
MoveFileA
TerminateProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
Sleep
FormatMessageA
SetEndOfFile
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
GetOEMCP
CloseHandle
PH_DllInitialize
PH_GetOSVersion
PH_SetOptimizedProcess
PH_GetSystemUsage
PH_OpenOptimizedProcess
PH_AddPMonEventCallback
PH_InitializeThread
PH_SetActivityCheckParameters
PH_GetVersion
PH_GetDriverVersion
PH_CloseOptimizedProcess
PH_CleanupThread
PH_DelPMonEventCallback
PH_GetProcessUsage
PH_DllCleanup
PH_FindProcessID
RpcServerInqBindings
RpcMgmtStopServerListening
RpcServerRegisterAuthInfoA
RpcMgmtWaitServerListen
RpcEpRegisterA
RpcServerUseProtseqA
RpcServerRegisterIf
RpcServerListen
NdrServerCall2
RpcBindingVectorFree
RpcServerUnregisterIf
RpcEpUnregister
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription IPS Core Service
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x399c
OriginalFileName IPSSVC.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) Lenovo 2005
FileVersion 1, 0, 0, 0
TimeStamp 2005:11:15 10:19:30+01:00
FileType Win32 EXE
PEType PE32
InternalName IPSSVC
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Lenovo Group Limited
CodeSize 40960
ProductName Away Manager
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ebc8d84fea72bcd0421f029acb68189d
SHA1 b1845113767e5ee1cd3099b4ff59c9751436431d
SHA256 9e364c4e7a172cf53473696b525f1b0b56525397c3761a545d7a4b9dc181c6c9
ssdeep 768:NVIIibpB9RG6h8uTxOjBmNh0Jwe3pnZVWXgVgiB9HvsPBAfekH+wYWlUZp:diX9R/r4N3pvWWslwblU/
authentihash 1a56924ce1973161a07e085c7537628cf834ff152daa598f03aee882b5e1b69a
imphash 1cc8d65897ee57b043d2f660754e8c21
File size 72.0 KB ( 73728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo
VirusTotal metadata
First submission 2008-11-11 12:46:35 UTC ( 9 years, 10 months ago )
Last submission 2014-03-10 00:57:21 UTC ( 4 years, 6 months ago )
File names aa
IPSSVC.EXE
IPSSVC
IPSSVC.EXE
ipssvc.exe
flareFile
IPSSVC.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight