iduserv.exe

Intel Desktop Utilities

Intel Corporation

The executable iduserv.exe, “Service application for Intel(R) Desktop Utilities”, has been detected as malware by 11 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Intel(R) Desktop Utilities Service”.
Publisher:
Intel Corporation  (signed and verified)

Product:
Intel(R) Desktop Utilities

Description:
Service application for Intel(R) Desktop Utilities

Version:
3.2.8.89

MD5:
5f7aa449c4eb942695fb051ac089ead6

SHA-1:
67abe7b8130f2f30a662ae9bc61cf26e4f56ebae

SHA-256:
781e441b2e228826b56f77a23b08d8c55f27eae503223aa414a758c95d762ac0

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/27/2024 12:52:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Pioneer-C | 160414-2 |
| AVG | Win32/Floxif | 2015.0.4591 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 9.0.0.4157 |
| ESET NOD32 | Win32/Floxif.H virus | 8.0.319.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!5F7AA449C4EB | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.755.0 |
| Norman | Win32.Floxif.A | 28.05.2016 15:32:18 |

File size:
707.7 KB (724,727 bytes)

Product version:
3.2.8.89

Copyright:
Copyright (C) 2004-2014, Intel Corporation. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\intel\intel desktop utilities\iduserv.exe

Digital Signature
Authority:
Intel Corporation

Valid from:
6/18/2013 4:55:52 PM

Valid to:
6/2/2016 4:55:52 PM

Subject:
CN=Channel Innovations and Solutions Division, OU=Software Development Org., O=Intel Corporation, L=Santa Clara, S=CA, C=US

Issuer:
CN=Intel External Basic Issuing CA 3A, O=Intel Corporation, L=Santa Clara, S=CA, C=US

Serial number:
3300009EFAFFD8163D6F29D4CB000300009EFA

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6q5Z3VbflImziHF1/4msFPQJVklVR9Gng3cDIh8gpllPBjvrEH7S:6+dKmziHv4FhQEbSg3dz9rEH7S

Entry address:
0x8190C

Entry point:
E9, 8B, 1D, FE, FF, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, AC, 15, 48, 00, E8, B4, 4C, F8, FF, 33, C0, 55, 68, C0, 19, 48, 00, 64, FF, 30, 64, 89, 20, A1, D8, 49, 48, 00, 8B, 00, 8B, 10, FF, 52, 34, 8B, 0D, D4, 46, 48, 00, A1, D8, 49, 48, 00, 8B, 00, 8B, 15, F8, F1, 47, 00, 8B, 18, FF, 53, 30, 33, C0, 55, 68, 7A, 19, 48, 00, 64, FF, 30, 64, 89, 20, A1, D8, 49, 48, 00, 8B, 00, 8B, 10, FF, 52, 38, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 99, 22, F8, FF, 01, 00, 00, 00, 30, 9E, 40, 00, 8B, 19, 48, 00, 89...
 

Entropy:
6.8592

Packer / compiler:
Xtreme-Protector v1.05

Code size:
514.5 KB (526,848 bytes)

Service
Display name:
Intel(R) Desktop Utilities Service

Service name:
IduService

Description:
Manages IDU component communication and alerts

Type:
Win32OwnProcess

Depends on:
Intel(R) Desktop Boards FSC Application Service

