File Investigation Report
IMAPD.EXE
SpywareIt is possible that your PC could be infected. The file name IMAPD.EXE is used by both safe and unsafe programs.
You should urgently check your PC to make sure it is not infected. The free version of Prevx will scan your PC in less than two minutes and check for millions of spyware and malware infections including IMAPD.EXE. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.
Associated Malware Groups
The unsafe files using this name are associated with the malware group:
- Spyware
File Behavior
IMAPD.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Executes a Process
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Can communicate with other computer systems using HTTP protocols
- Registers a Dynamic Link Library File
- Makes outbound connections to other computers using NETBIOSOUT protocols
- Adds products to the system registry
- Modifies System Runtime Policies to limit system usability
- This Process Deletes Other Processes From Disk
- Creates system tray popups, messages, errors and security warnings
- Found on infected systems and resists interrogation by security products
- Can Send email using SMTP protocols
- This Process sends MIME Email
- This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Uses low level functions to hide itself from the user and from system/security processes
IMAPD.EXE has been the subject of the following behavior:
- Executed as a Process
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Deleted as a process from disk
- Terminated as a Process
- Copied to multiple locations on the system
- Registered as a Dynamic Link Library File
Country Of Origin
The filename IMAPD.EXE was first seen on Jun 7 2007 in the following geographical regions of the Prevx community:
- Europe on Jun 7 2007
- Spain on Jun 7 2007
- Nepal on Dec 26 2007
- India on Dec 26 2007
- on May 17 2008
File Name Aliases
IMAPD.EXE can also use the following file names:
- LXSASS.EXE
- WSKRNL.EXE
- SRVPRC.EXE
- SYSWIN.EXE
- VXDKRN.EXE
- 70997508.EX
- 30335981.EXE
- 17838983.SVD
Filesizes
The following file size has been seen:
- 550,400 bytes
- 620,032 bytes
- 958,464 bytes
File Type
The filename IMAPD.EXE is used by multiple object types including executable programs,objects.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.