home

iedvutils.exe

Internet Explorer

Fengxia Cao

The application iedvutils.exe, “Internet Explorer assistant tool” by Fengxia Cao has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “ExplorerService”. While running, it connects to the Internet address server-54-192-203-232.fra50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Fengxia Cao  (signed and verified)

Product:
Internet Explorer

Description:
Internet Explorer assistant tool

Version:
0.0.0.0

MD5:
7edd8227b3b11c7c1f778e3400cda09b

SHA-1:
d1fbde3af8c8b9884ca34f3825db6a9f60c13ace

SHA-256:
986d58b83bc16d87379855c4d487efea2969b25b240ff4bc6b9d6bc0b10a57aa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:06:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Elex.FC (M)
17.3.15.11

File size:
87.2 KB (89,272 bytes)

Product version:
8.0.7600.16385

Copyright:
Microsoft Corporation. All rights reserved.

Original file name:
iedvutils.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\explorer\iedvutils.exe

Digital Signature
Signed by:
Fengxia Cao

Authority:
thawte, Inc.

Valid from:
1/9/2017 7:00:00 PM

Valid to:
10/13/2017 6:59:59 PM

Subject:
CN=Fengxia Cao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3B6536249C7E938DA013110B8048B326

File PE Metadata
Compilation timestamp:
3/14/2017 9:50:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x25F9

Entry point:
E8, 67, 24, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 7C, 22, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, C8, 10, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 7C, 22, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 
[+]

Code size:
35 KB (35,840 bytes)

Service
Display name:
ExplorerService

Service name:
iedvutils

Description:
System update service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-216-32.mrs50.r.cloudfront.net  (54.230.216.32:80)

TCP (HTTP):
Connects to server-54-192-36-131.jfk1.r.cloudfront.net  (54.192.36.131:80)

TCP (HTTP):
Connects to server-54-192-203-232.fra50.r.cloudfront.net  (54.192.203.232:80)

TCP (HTTP):
Connects to server-54-192-14-88.ams1.r.cloudfront.net  (54.192.14.88:80)

TCP (HTTP):
Connects to server-52-85-83-237.lax1.r.cloudfront.net  (52.85.83.237:80)

TCP (HTTP):
Connects to server-52-85-83-208.lax1.r.cloudfront.net  (52.85.83.208:80)

Remove iedvutils.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.