ipz.exe

The executable ipz.exe has been detected as malware by 36 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Integlligent P2P Zombie”.
MD5:
8f4711cdaf09e6a070770e8335e70738

SHA-1:
607e804c87b33a6b0d16aa0e95d72ae289cfb8d8

SHA-256:
ba555ce8e306824c6815d65639dbd8bd50c1e1dd31ec29b46101b4e5e803c5e2

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/24/2024 10:16:01 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.XIR | -40
Agnitum Outpost | Worm.Zombaque | 7.1.1
AhnLab V3 Security | Worm/Win32.Zombaque | 2015.03.19
Avira AntiVirus | TR/Crypt.ULPM.Gen2 | 7.11.218.102
avast! | Win32:Malware-gen | 2014.9-170316
AVG | Win32/Virut | 2018.0.2438
Baidu Antivirus | Worm.Win32.Zombaque | 4.0.3.17316
Bitdefender | Backdoor.XIR | 1.0.20.375
Bkav FE | W32.SyitmXT | 1.3.0.6379
Comodo Security | UnclassifiedMalware | 21457
Dr.Web | Win32.HLLW.RAhack.3 | 9.0.1.075
Emsisoft Anti-Malware | Backdoor.XIR | 8.17.03.16.05
ESET NOD32 | Win32/Zombaque (variant) | 11.11342
Fortinet FortiGate | W32/Zombaque.A!worm | 3/16/2017
F-Secure | Backdoor.XIR | 11.2017-16-03_5
G Data | Backdoor.XIR | 17.3.25
IKARUS anti.virus | Worm.Win32.Zombaque | t3scan.1.8.6.0
K7 AntiVirus | Riskware | 13.201.15304
Kaspersky | Worm.Win32.Zombaque | 14.0.0.-1316
McAfee | Artemis!8F4711CDAF09 | 5600.6094
Microsoft Security Essentials | Worm:Win32/Zombaque | 1.1.11400.0
MicroWorld eScan | Backdoor.XIR | 18.0.0.225
NANO AntiVirus | Virus.Win32.Virut-Gen.bwpxnc | 0.30.8.659
Norman | Troj_Generic.XZYFG | 11.20170316
nProtect | Backdoor.XIR | 15.03.18.01
Panda Antivirus | Generic Malware | 17.03.16.05
Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1015
Quick Heal | Worm.Zombaque.A3 | 3.17.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.12D8B5B8!316192184 | 23.00.65.17314
Sophos | W32/Zombaque-A | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0109 | 7.2.75
Trend Micro | WORM_BIZOME.SMD | 10.465.16
Vba32 AntiVirus | Worm.Zombaque | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38552
ViRobot | Worm.Win32.Generic.320512[h] | 2014.3.20.0
Zillya! Antivirus | Worm.Zombaque.Win32.4 | 2.0.0.2105

File size:
368 KB (376,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\ipz.exe

File PE Metadata
Compilation timestamp:
9/23/1996 6:57:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

Entry address:
0xA9CC0

Entry point:
60, BE, 00, D0, 45, 00, 8D, BE, 00, 40, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.3976

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
308 KB (315,392 bytes)

Service
Display name:
Integlligent P2P Zombie

Service name:
ipz

Type:
Win32OwnProcess

