ppzoxy97cre2.exe

Windows Internet Explorer

Prof Assist

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed only to look like a legitimate Microsoft system file. The executable ppzoxy97cre2.exe, “Internet Low-Mic Utility Tool”, has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation  (signed by Prof Assist)

Product:
Windows® Internet Explorer

Description:
Internet Low-Mic Utility Tool

Version:
8.00.7600.16385 (win7_rtm.090713-1255)

MD5:
d6c8dea32721a8fdd995ab18753ac613

SHA-1:
8807ec746b88542b605c870605e41de952b1c2d4

SHA-256:
22b8a6785e99637481bee2c0b0b1e0e3c4232ab61ac0951f97ed2b6188ad682f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/1/2025 1:11:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.13.15

File size:
673.5 KB (689,648 bytes)

Product version:
8.00.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ielowutil.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\ppzoxy97cre2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/16/2016 2:00:00 AM

Valid to:
6/17/2017 1:59:59 AM

Subject:
CN=Prof Assist, O=Prof Assist, STREET="d. 2 kv. 34, ul.Vozdushnaya", L=Kaliningrad, S=Kaliningrad, PostalCode=236010, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2834FB06F20CE3ED975A64A6A9DC2F35

File PE Metadata
Compilation timestamp:
7/2/2016 5:09:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, F0, 03, 00, 00, 8B, 45, E8, 2B, 45, F0, 89, 45, F0, 8B, 55, D4, 8B, 4D, F0, D3, E2, 89, 55, F8, FF, 15, F8, F0, 48, 00, 8B, 45, E0, C1, E0, 75, 89, 45, DC, 8B, 55, D4, 8B, 4D, CC, D3, EA, 89, 55, D0, 8B, 45, E4, 50, FF, 15, E0, F0, 48, 00, 8B, 4D, EC, 69, C9, FF, 92, 4C, 0A, 89, 4D, EC, 68, 4C, 00, 49, 00, FF, 15, C0, F0, 48, 00, 68, 58, 00, 49, 00, 8B, 55, D8, 52, FF, 15, E4, F0, 48, 00, 8B, 45, DC, 50, FF, 15, E0, F0, 48, 00, 8B, 4D, D4, 51, FF, 15, E8, F0, 48, 00, 68, 64, 00, 49, 00...
 

Entropy:
6.7009

Developed / compiled with:
Microsoft Visual C++

Code size:
566.5 KB (580,096 bytes)
