ip4600_service_tool.exe

IP4760468036801980MP198MX328MP245……通用维修程序

The executable ip4600_service_tool.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from sites.google.com and multiple other hosts.
Publisher:
Canon Inc.*  (Invalid match)

Product:
IP4760468036801980MP198MX328MP245……通用维修程序

Version:
1.050

MD5:
72b160a378071a08e75d6b7f6a5e0213

SHA-1:
498f0b6653f8d0c6fa70e02c8ddfa567c44b20f3

SHA-256:
bc0961889b7978f6b6748a3602f9a100950847a5c391115198656ace3a961967

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/28/2024 12:18:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Patched-ABE [Trj] | 2014.9-140928 |
| Bkav FE | W32.Clod56b.Trojan | 1.3.0.4959 |
| G Data | Win32.Trojan.Agent.3MD07V | 14.9.24 |
| IKARUS anti.virus | Win32.Patched.ABE | t3scan.1.7.5.0 |
| McAfee | Artemis!72B160A37807 | 5600.6993 |
| Qihoo 360 Security | Win32/Trojan.9ee | 1.0.0.1015 |
| ViRobot | Trojan.Win32.A.ShipUp.282624 | 2011.4.7.4223 |

File size:
276 KB (282,624 bytes)

Product version:
1.050

Copyright:
(C) Canon Inc. All rights reserved.

Original file name:
ServiceTool.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
3/24/2009 4:18:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:cROt9UPqh/M5J8c+T+0q1vgw7WEIzgA+SkEP:/tCPqh0v8c+TrIg3O7EP

Entry address:
0x112F7

Entry point:
6A, 60, 68, 30, F0, 42, 00, E8, 61, 0D, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 61, FE, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, E8, B2, 42, 00, 8B, 4E, 10, 89, 0D, 08, B5, 43, 00, 8B, 46, 04, A3, 14, B5, 43, 00, 8B, 56, 08, 89, 15, 18, B5, 43, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 0C, B5, 43, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 0C, B5, 43, 00, C1, E0, 08, 03, C2, A3, 10, B5, 43, 00, 33, F6, 56, 8B, 3D, 48, B2, 42, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Entropy:
6.1624

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
168 KB (172,032 bytes)

The file ip4600_service_tool.exe has been seen being distributed by the following 3 URLs.

https://sites.google.com/site/.../mx328_ServiceModeToolsVersion1.050.exe

http://dc624.4shared.com/download/.../Canon_MP198.exe
