home

ipscan.exe

Angryziber Software

The application ipscan.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.wles.chc.edu.tw.
Publisher:
Angryziber Software

Description:
Angry IP scanner

Version:
0, 0, 0, 0

MD5:
1bebf00affd04fc41539166820a10ac0

SHA-1:
937ea8b33b93c685fd5d91fc8df58883ca1d6113

SHA-256:
af730c7947f9aa7bf0d6e2940b7b41774c69bacaa41cf2e5d65fe11aca0c732a

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 1:08:22 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
HackTool.Portscan
7.1.1

AhnLab V3 Security
Win-Trojan/PortScan.109056
2014.01.30

Avira AntiVirus
SPR/Hacktool.AngryScan
7.11.128.0

avast!
Win32:PUP-gen [PUP]
2014.9-140212

Baidu Antivirus
Malware.Win32.HackTool
4.0.3.14212

ESET NOD32
Win32/NetTool.Portscan.AA (variant)
8.9355

F-Prot
W32/MalwareF.NLAQ
v6.4.7.1.166

IKARUS anti.virus
not-a-virus:NetTool.Win32.Portscan
t3scan.2.2.29

K7 AntiVirus
Riskware
13.175.11003

Kaspersky
not-a-virus:NetTool.Win32.Portscan
14.0.0.4320

NANO AntiVirus
Riskware.Win32.Portscan.bmonq
0.28.0.57473

Norman
Suspicious_Gen2.XGZX
11.20140212

Panda Antivirus
Hacktool/AngryScan
14.02.12.10

Rising Antivirus
PE:Trojan.Win32.Generic.122B05AB!304809387
23.00.65.14210

SUPERAntiSpyware
PUP.AngryIPScanner
10787

VIPRE Antivirus
Trojan.Win32.Generic
25954

File size:
106.5 KB (109,056 bytes)

Product version:
0, 0, 0, 0

Copyright:
Copyright (C) 2000

Original file name:
ipscan.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ipscan.exe

File PE Metadata
Compilation timestamp:
2/19/2003 12:49:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:tlLZ/fWe9V7FTcPRwh1qy8GNfdXrqikN6:z1/fT9VxTcPidtBw3

Entry address:
0x45DB0

Entry point:
60, BE, 00, D0, 42, 00, 8D, BE, 00, 40, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 
[+]

Entropy:
7.8002  (probably packed)

Code size:
100 KB (102,400 bytes)

The file ipscan.exe has been seen being distributed by the following URL.

http://www.wles.chc.edu.tw/download.php?up_link=5&file_id=11&act=down

Remove ipscan.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.