» IPSSVC.EXE
Overview
Analysis
File Details
Behaviors (1)

IPSSVC.EXE

Maintenance Manager

Lenovo (Japan) Ltd.

The executable IPSSVC.EXE has been detected as malware by 30 anti-virus scanners. It runs as a windows Service named “IPS Core Service”. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

IPSSVC.EXE

Publisher:

Lenovo Group Limited (signed by Lenovo (Japan) Ltd.)

Product:

Maintenance Manager

Description:

IPS Core Service

Version:

3, 0, 3, 0

MD5:

7b06cbf098f24071e221a9563e56797c

SHA-1:

7b66aeec08fa566632f37922cf07c1f1680b264b

Scanner detections:

30 / 68

Status:

Malware

Analysis date:

4/19/2024 2:49:35 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-Trojan/Patched.DD

2011.09.12

Avira AntiVirus

TR/Spy.ZBot.108080

7.11.14.189

avast!

Win32:Patched-WQ [Trj]

2014.9-170221

AVG

Win32/Katusha.A

2018.0.2460

Bitdefender

Trojan.Generic.6135727

1.0.20.260

Clam AntiVirus

Trojan.Patched-167

0.98/18011

Comodo Security

TrojWare.Win32.Patched.HN

10098

Dr.Web

Trojan.Starter.1695

9.0.1.052

Emsisoft Anti-Malware

Trojan-Spy.Win32.Zbot!IK

8.17.02.21.09

ESET NOD32

Win32/Patched.HN

11.6460

Fortinet FortiGate

W32/Zbot.W!tr

2/21/2017

F-Prot

W32/Patched.G

v6.4.6.2.117

F-Secure

Trojan.Generic.6135727

11.2017-21-02_3

G Data

Trojan.Generic.6135727

17.2.22

IKARUS anti.virus

Trojan-Spy.Win32.Zbot

t3scan.1.1.107.0

K7 AntiVirus

Trojan

13.112.5128

Kaspersky

Trojan.Win32.Patched

14.0.0.-1204

McAfee

W32/Katusha

5600.6116

Microsoft Security Essentials

Virus:Win32/Patchload.O

1.163.1557.0

Norman

W32/Patched.BH

11.20170221

nProtect

Trojan/W32.Agent.108080

11.09.13.01

Panda Antivirus

W32/Katusha.BN

17.02.21.09

Quick Heal

W32.Patchload.O

2.17.11.00

Rising Antivirus

Win32.Loader.li

23.00.65.17219

Sophos

W32/Patched-AK

4.69

Trend Micro House Call

PTCH_KATUSHA.W

7.2.52

Trend Micro

PTCH_KATUSHA.W

10.465.21

Vba32 AntiVirus

Trojan-Spy.Zbot.gen

3.12.16.4

VIPRE Antivirus

Virus.Win32.Agent.mpq

10464

ViRobot

Win32.Patched.BE

2011.9.10.4666

File size:

105.5 KB (108,080 bytes)

Original file name:

IPSSVC.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\ipssvc.exe

Digital Signature

Signed by:

Lenovo (Japan) Ltd.

Authority:

VeriSign, Inc.

Valid from:

11/7/2006 1:00:00 AM

Valid to:

11/8/2007 12:59:59 AM

Subject:

CN=Lenovo (Japan) Ltd., OU=Research & Development 1, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lenovo (Japan) Ltd., L=Yamato-shi, S=Kanagawa, C=JP

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4D3F41B8F9DD4F74BEF0B262A06C34DB

File PE Metadata

Compilation timestamp:

1/30/2007 7:14:43 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

Entry address:

0x1A4CC

Entry point:

68, 0A, 58, 40, 00, E9, 34, 06, 00, 00, E8, 0F, 00, 00, 00, 43, 72, 65, 61, 74, 65, 50, 72, 6F, 63, 65, 73, 73, 57, 00, 58, C3, 90, E8, 18, 00, 00, 00, 5C, 00, 73, 00, 79, 00, 73, 00, 74, 00, 65, 00, 6D, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 1E, 00, 00, 00, 5C, 00, 5C, 00, 2E, 00, 5C, 00, 67, 00, 6C, 00, 6F, 00, 62, 00, 61, 00, 6C, 00, 72, 00, 6F, 00, 6F, 00, 74, 00, 00, 00, 58, C3, 90, E8, 12, 00, 00, 00, 6B, 00, 65, 00, 72, 00, 6E, 00, 65, 00, 6C, 00, 33, 00, 32, 00, 00, 00, 58, C3... 
[+]

Code size:

68 KB (69,632 bytes)

Service

Display name:

IPS Core Service

Service name:

IPSSVC

Type:

Win32OwnProcess, InteractiveProcess

Group:

Extended Base

Depends on:

RPCSS PROCDD

Remove IPSSVC.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.