igfxext.exe

TRADE-VAN

The executable igfxext.exe has been detected as malware by 7 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘igfxext.exe’.
Publisher:
TRADE-VAN  (signed and verified)

MD5:
6fa065cb47ec4100378b82a6d9bda729

SHA-1:
9925c1eb09590deacc735f83a1fe4e4ed5b2cf60

SHA-256:
978bd4c98d01a9fc541d7b751e0db10890f80d35a02fd8653da5804f3e2d2614

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 11:39:58 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160518-2
Dr.Web | Trojan.Click2.42623 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Heur.Jatif.43 | 11.5.0.6191
ESET NOD32 | Win32/Agent.SEL trojan | 8.0.319.0
F-Prot | W32/Dropper.6!Generic | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.225.1489.0
Norman | Gen:Win32.ProcessHijack.dmX@ay6mOmn | 28.05.2016 15:32:18

File size:
54.8 KB (56,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe

Digital Signature
Signed by:

Authority:
TAIWAN-CA.COM Inc.

Valid from:
7/2/2010 12:04:05 PM

Valid to:
7/17/2011 9:29:59 PM

Subject:
CN=www.esupplychain.com.tw, OU=TRADE-VAN, O=TRADE-VAN, L=Taipei, S=Taipei, C=TW

Issuer:
CN=TaiCA Secure CA, OU=SSL Certification Service Provider, O=TAIWAN-CA.COM Inc., C=TW

Serial number:
65C80810

File PE Metadata
Compilation timestamp:
9/29/2010 7:21:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:JQwLYEx/UFrTgBDq5ELXq1rhPb0l4L2H/wz7gAWMVhOrkgYk:awN/UFrTaD+ELoOlU24zdWUOrzYk

Entry address:
0x190B

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 51, 40, 00, 68, 58, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, 50, 40, 00, 33, D2, 8A, D4, 89, 15, A4, C9, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, A0, C9, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 9C, C9, 40, 00, C1, E8, 10, A3, 98, C9, 40, 00, 6A, 01, E8, C0, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 17, 14, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.5502

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
igfxext.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe \263

