» PIconStartup.exe
Overview
Analysis
File Details
Behaviors (1)

PIconStartup.exe

Intel PIconStartup

The executable PIconStartup.exe, “PIcon startup utility” has been detected as malware by 14 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IMSS’.

File name:

PIconStartup.exe

Publisher:

Intel Corporation* (Invalid match)

Product:

Intel(R) PIconStartup

Description:

PIcon startup utility

Version:

7.1.80.1213

MD5:

71e7c12a44cad7a7b29aeb5d0c3901bb

SHA-1:

d752848cadd88a00fc4f59c7e2947bf026d8d947

SHA-256:

cc7f9705b79ecb5ede1312eb982493dea519889902b12eee8869657ec3feb914

Scanner detections:

14 / 68

Status:

Malware

Analysis date:

6/3/2026 12:00:24 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Floxif.A

5813571

avast!

FloxLib-A [Trj]

151217-3

AVG

Win32/Floxif

2015.0.4489

Dr.Web

Win32.FloodFix.7

9.0.1.05190

Emsisoft Anti-Malware

Win32.Floxif

10.0.0.5366

ESET NOD32

Win32/Floxif.H virus

7.0.302.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.15.21

McAfee

Trojan.Dropper-FIY!71E7C12A44CA

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.2081.0

Norman

Win32.Floxif.A

05.01.2016 09:44:05

Sophos

Virus 'W32/Floxif-C'

5.22

VIPRE Antivirus

Threat.4760052

46354

File size:

187.4 KB (191,935 bytes)

Product version:

7.1.80.1213

Original file name:

PIconStartup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\intel\intel(r) management engine components\imss\piconstartup.exe

File PE Metadata

Compilation timestamp:

7/3/2013 4:16:51 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:QQLB1p35VIplb2lQBV+UdE+rECWp7hKEc:1LB19IpRBV+UdvrEFp7hKEc

Entry address:

0x1468

Entry point:

E9, 62, 6B, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, E0, 40, 00, 89, 0D, 14, E0, 40, 00, 89, 15, 10, E0, 40, 00, 89, 1D, 0C, E0, 40, 00, 89, 35, 08, E0, 40, 00, 89, 3D, 04, E0, 40, 00, 66, 8C, 15, 30, E0, 40, 00, 66, 8C, 0D, 24, E0, 40, 00, 66, 8C, 1D, 00, E0, 40, 00, 66, 8C, 05, FC, DF, 40, 00, 66, 8C, 25, F8, DF, 40, 00, 66, 8C, 2D, F4, DF, 40, 00, 9C, 8F, 05, 28, E0, 40, 00, 8B, 45, 00, A3, 1C, E0, 40, 00, 8B, 45, 04, A3, 20, E0, 40, 00, 8D, 45, 08, A3, 2C, E0, 40... 
[+]

Entropy:

6.8820

Packer / compiler:

Xtreme-Protector v1.05

Code size:

37 KB (37,888 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IMSS

Command:

"C:\Program Files\intel\intel(r) management engine components\imss\piconstartup.exe"

Remove PIconStartup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.