• THAILAND on Sep 24 2007
• The UNITED STATES on Jun 20 2007
• SWEDEN on Jun 19 2007
• MALAYSIA on Sep 21 2007

The most common file size is 27,136 bytes. But the following file sizes have also been seen:

• 27,648 bytes
• 31,232 bytes

The filename is associated with the malware group Trojan.Zlob.Some files using the name IESMN.EXE are also associated with the malware group:

• Generic.Dropper.xCodec

IESMN.EXE has been seen to perform the following behavior(s):

• Executes a Process
• Enables an In Process Object/Server - Common with DLL Injections
• Creation and Registration of a Browser Helper Object in Internet Explorer
• This Process Creates Other Processes On Disk
• Modifies System Runtime Policies to limit system usability
• Changes the Internet Explorer Search Page
• The Process is packed and/or encrypted using a software packing process
• Registers a Dynamic Link Library File
• Changes the Internet Explorer Home Page Settings
• Writes to another Process's Virtual Memory (Process Hijacking)
• This Process Deletes Other Processes From Disk
• Adds Products to the system registry
• The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents

IESMN.EXE has been the subject of the following behavior(s):

• Executed as a Process
• Deleted as a process from disk
• Created as a process on disk
• Terminated as a Process
• Has code inserted into its Virtual Memory space by other programs

IESMN.EXE can also use the following file names:

• 88077767.EXE
• 50959257.EXE
• 04761633.EXE
• 31774241.EXE
• 24749095.EXE
• 74942218.EXE
• IESMN.EXE__DELETE_ON_REBOOT
• IESMN.EX
• 70686574.EXE
• 63896694.EXE
• 44180351.EXE
• PANCH/VIDEO ACTIVEX ACCESS/IESMN.EXE
• INFECTED.A0029441.EXE
• 42566259.EXE
• 25266327.EXE
• 04998496.EXE