igfxext.exe

TRADE-VAN

The executable igfxext.exe has been detected as malware by 31 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘igfxext.exe’.
Publisher:
TRADE-VAN  (signed and verified)

MD5:
8e4ec3a336622d25dec1bea3106a725b

SHA-1:
924439934c70263a59dd0fd93e4db80954a0a27d

SHA-256:
53279ad39e63e67d5291bf217867357c6458a64306a574e3ec299058b54dd1de

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/19/2024 2:15:34 AM UTC  (today)

Scan engine                     Detection                               Engine version
Lavasoft Ad-Aware               Trojan.Generic.7840876                  181
Agnitum Outpost                 Trojan.Injector                         7.1.1
Avira AntiVirus                 TR/Agent.60184.5                        7.11.142.76
avast!                          Win32:Malware-gen                       2014.9-160807
AVG                             Win32/DH{Exd+UIEHeVRPFVEcU3x9MCAiJQ}    2017.0.2659
Bitdefender                     Trojan.Generic.7840876                  1.0.20.1100
Bkav FE                         W32.Clodfc4.Trojan                      1.3.0.4959
Comodo Security                 UnclassifiedMalware                     18076
Dr.Web                          Trojan.Click2.41018                     9.0.1.0220
Emsisoft Anti-Malware           Trojan.Generic.7840876                  8.16.08.07.07
ESET NOD32                      Win32/Agent.SEL                         10.9658
Fortinet FortiGate              W32/Inject.WKD!tr                       8/7/2016
F-Prot                          W32/Dropper.6!Generic                   v6.4.7.1.166
F-Secure                        Trojan.Generic.7840876                  11.2016-07-08_1
G Data                          Trojan.Generic.7840876                  16.8.24
IKARUS anti.virus               Trojan.Win32.Webprefix                  t3scan.1.6.1.0
Kaspersky                       HEUR:Trojan.Win32.Generic               14.0.0.-212
McAfee                          Generic Dropper.cx                      5600.6315
Microsoft Security Essentials   TrojanDownloader:Win32/Nemim.gen!A      1.10401
MicroWorld eScan                Trojan.Generic.7840876                  17.0.0.660
NANO AntiVirus                  Trojan.Win32.Agent2.bcfrjh              0.28.0.59048
Norman                          Malware                                 11.20160807
nProtect                        Trojan.Generic.7840876                  14.04.09.01
Panda Antivirus                 Generic Malware                         16.08.07.07
Qihoo 360 Security              HEUR/Malware.QVM07.Gen                  1.0.0.1015
Quick Heal                      TrojanDownloader.Nemim                  8.16.12.00
Sophos                          Mal/Behav-009                           4.98
SUPERAntiSpyware                Trojan.Agent/Gen-Injector               8974
Trend Micro House Call          Cryp_Xin2                               7.2.220
Trend Micro                     Cryp_Xin2                               10.465.07
VIPRE Antivirus                 Trojan.Win32.Generic                    28182

File size:
58.8 KB (60,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe

Digital Signature
Signed by:

Authority:
TAIWAN-CA.COM Inc.

Valid from:
7/2/2010 12:04:05 PM

Valid to:
7/17/2011 9:29:59 PM

Subject:
CN=www.esupplychain.com.tw, OU=TRADE-VAN, O=TRADE-VAN, L=Taipei, S=Taipei, C=TW

Issuer:
CN=TaiCA Secure CA, OU=SSL Certification Service Provider, O=TAIWAN-CA.COM Inc., C=TW

Serial number:
65C80810

File PE Metadata
Compilation timestamp:
5/2/2012 1:30:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:ETLYWJHGLibjTkDTwxdXq1rhPb0lh6MIUYhqzUXAWfqTiEgYB:ETULibjTkD07oOlshURUQWfqTaYB

Entry address:
0x190B

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 51, 40, 00, 68, 58, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, 50, 40, 00, 33, D2, 8A, D4, 89, 15, B4, D4, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, B0, D4, 40, 00, C1, E1, 08, 03, CA, 89, 0D, AC, D4, 40, 00, C1, E8, 10, A3, A8, D4, 40, 00, 6A, 01, E8, C0, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 17, 14, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.6476

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
igfxext.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe \264

