IOServer.exe

1y209PE37

The file IOServer.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl.cetaitlagrenouille.com.
Publisher:
1y209PE37

Product:
1y209PE37

Description:
1y209P

Version:
3.5.4.8

MD5:
43287e96c1314574661ab2a01fdd17b4

SHA-1:
881e895027ba9fa3331da2b58d5fbe066de99a5a

SHA-256:
52f72893e2b60df281b441f511159dccea33eee18b9d1df70c0e0525dffa4380

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 1:51:19 AM UTC

Scan engine         Detection                               Engine version
F-Secure            Riskware.Application.Bundler.Temonde    5.15.96
Reason Heuristics   Trojan.PPZ (M)                          16.7.20.8

File size:
572 KB (585,728 bytes)

Product version:
3.5.4.8

Copyright:
1y209P2016

Trademarks:
1y20

Original file name:
IOServer.exe

Language:
Language Neutral

Common path:
C:\windows\temp\42c8.tmp

File PE Metadata
Compilation timestamp:
7/18/2016 7:23:31 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288://1VkoTAUmTdsg58rl2OzyH2QhZBMIBdsckgFNVZbo:/PkoG3852OzjQTBzdsckgFNzbo

Entry address:
0x5DE66

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7272

Code size:
368 KB (376,832 bytes)

The file IOServer.exe has been seen being distributed by the following URL.
