igfxext.exe

TRADE-VAN

The executable igfxext.exe has been detected as malware by 35 of 68 anti-virus scanners. It persists through the current user's Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name 'igfxext.exe', so it is launched every time that user logs on to Windows; the file itself is dropped under the user's roaming AppData directory (C:\users\{user}\appdata\roaming\microsoft\display\) rather than a system folder, which is where a user-level persistence check should look. While running, it connects over HTTP to 58.158.177.102 on TCP port 80; the reverse DNS name of that address, 58x158x177x102.ap58.ftth.ucom.ne.jp, follows the pattern of a residential FTTH subscriber line on a Japanese ISP rather than a hosting provider. The more specific detection names point to the Nemim downloader family (Microsoft, Quick Heal) and the Jatif heuristic family shared by the Bitdefender-engine products; the remainder are generic agent, dropper and injector labels. The publisher string below comes from a certificate whose subject is the host name www.esupplychain.com.tw, issued by an SSL certification service to TRADE-VAN and valid only until 7/17/2011 (see Digital Signature); it records who the certificate was issued to, not that TRADE-VAN authorised this file.
Publisher:
TRADE-VAN  (signed and verified)

MD5:
fffc95fd31ee425dcbef8864b418bc00

SHA-1:
e0590525bcb4b2da5dd563822bb4f0b0e9eb9606

SHA-256:
1df398dd3fb6c0a447ab51c7173827c28eea17b473297a9621e860bf2954923c

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/25/2024 3:11:55 PM UTC

Scan engine                    Detection                            Engine version
Lavasoft Ad-Aware              Gen:Heur.Jatif.43                    380
Agnitum Outpost                Trojan.DR.Agent                      7.1.1
AhnLab V3 Security             Trojan/Win32.Vundo                   2016.01.06
Avira AntiVirus                TR/Agent.56088.5                     8.3.2.4
Arcabit                        Trojan.Jatif.43                      1.0.0.642
avast!                         Win32:Malware-gen                    2014.9-160121
AVG                            Agent4                               2017.0.2858
Baidu Antivirus                Trojan.Win32.Agent                   4.0.3.16121
Bitdefender                    Gen:Heur.Jatif.43                    1.0.20.105
Comodo Security                UnclassifiedMalware                  23921
Dr.Web                         Trojan.Click2.42623                  9.0.1.021
Emsisoft Anti-Malware          Gen:Heur.Jatif.43                    8.16.01.21.10
ESET NOD32                     Win32/Agent.SEL                      10.12825
Fortinet FortiGate             W32/Inject.WKD!tr                    1/21/2016
F-Prot                         W32/Dropper.6!Generic                v6.4.7.1.166
F-Secure                       Gen:Heur.Jatif.43                    11.2016-21-01_5
G Data                         Gen:Heur.Jatif.43                    16.1.25
IKARUS anti.virus              Trojan.Agent4                        t3scan.1.9.5.0
K7 AntiVirus                   Trojan                               13.212.18331
Kaspersky                      HEUR:Trojan.Win32.Generic            14.0.0.783
McAfee                         Generic Dropper.cx                   5600.6514
Microsoft Security Essentials  TrojanDownloader:Win32/Nemim.gen!A   1.1.12400.0
MicroWorld eScan               Gen:Heur.Jatif.43                    17.0.0.63
NANO AntiVirus                 Trojan.Win32.Agent2.bcfrjh           1.0.14.5380
Panda Antivirus                Generic Malware                      16.01.21.10
Qihoo 360 Security             Win32/Trojan.646                     1.0.0.1077
Quick Heal                     TrojanDownloader.Nemim.r3            1.16.14.00
Sophos                         Mal/Behav-009                        4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Injector            9372
Total Defense                  Win32/Remex.ZAZY!suspicious          37.1.62.1
Trend Micro House Call         Cryp_Xin2                            7.2.21
Trend Micro                    Cryp_Xin2                            10.465.21
VIPRE Antivirus                Trojan.Win32.Generic                 46298
ViRobot                        Trojan.Win32.S.Agent.56088.B[h]      2014.3.20.0
Zillya! Antivirus              Trojan.Injector.Win32.156777         2.0.0.2595

File size:
54.8 KB (56,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe

Digital Signature
Signed by:

Authority:
TAIWAN-CA.COM Inc.

Valid from:
7/1/2010 11:34:05 PM

Valid to:
7/17/2011 8:59:59 AM

Subject:
CN=www.esupplychain.com.tw, OU=TRADE-VAN, O=TRADE-VAN, L=Taipei, S=Taipei, C=TW

Issuer:
CN=TaiCA Secure CA, OU=SSL Certification Service Provider, O=TAIWAN-CA.COM Inc., C=TW

Serial number:
65C80810

File PE Metadata
Compilation timestamp:
9/28/2010 6:51:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:JWYLYEx/UFrTgBDq5ELXq1rhPb0l4L2H/wz7gAWMVhOrkgYk:kYN/UFrTaD+ELoOlU24zdWUOrzYk

Entry address (RVA):
0x190B

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 51, 40, 00, 68, 58, 2F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, 50, 40, 00, 33, D2, 8A, D4, 89, 15, A4, C9, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, A0, C9, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 9C, C9, 40, 00, C1, E8, 10, A3, 98, C9, 40, 00, 6A, 01, E8, C0, 02, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 17, 14, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
5.5501

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
igfxext.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe \263


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 58x158x177x102.ap58.ftth.ucom.ne.jp  (58.158.177.102:80)
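
The persistence entry and the network endpoint above, together with the hashes at the top of the report, are the indicators a responder would push into a log search. The script below is an added example, not code from the report: it runs those indicators over Sysmon-style process-creation (EventID 1), registry-set (EventID 13) and network-connection (EventID 3) events. The event lines are constructed for illustration in a simplified Key=Value form with no spaces inside values (real Sysmon events are XML in EVTX), and the user name, SID and the decoy hash in them are made up. Note that Sysmon records HKCU keys under HKU\<SID>, so the Run-key check must not depend on a literal HKCU prefix.

```python
"""Match Sysmon-style events against the indicators in this report.

Added example, not part of the original report. Sample events are constructed;
real Sysmon data is XML inside EVTX and needs a proper parser.
"""
import re

# Indicators taken from the report.
IOC_SHA256 = "1df398dd3fb6c0a447ab51c7173827c28eea17b473297a9621e860bf2954923c"
IOC_MD5 = "fffc95fd31ee425dcbef8864b418bc00"
IOC_PATH = r"c:\users\{user}\appdata\roaming\microsoft\display\igfxext.exe"
IOC_RUN_VALUE = "igfxext.exe"
IOC_C2_IP = "58.158.177.102"
IOC_C2_PORT = 80

# Constructed sample events (not from the report). Values contain no spaces.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Display\\igfxext.exe "
    "Hashes=MD5=FFFC95FD31EE425DCBEF8864B418BC00,"
    "SHA256=1DF398DD3FB6C0A447AB51C7173827C28EEA17B473297A9621E860BF2954923C",
    "EventID=13 TargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\"
    "Windows\\CurrentVersion\\Run\\igfxext.exe "
    "Details=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Display\\igfxext.exe",
    "EventID=3 Image=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Display\\igfxext.exe "
    "DestinationIp=58.158.177.102 DestinationPort=80 Protocol=tcp",
    # Decoy: same file name, different location and hash; must not match.
    "EventID=1 Image=C:\\Tools\\Example\\igfxext.exe "
    "Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
USER_DIR_RE = re.compile(r"^c:\\users\\[^\\]+\\")
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\([^\\]+)$")


def parse_event(line: str) -> dict:
    """Split 'Key=Value Key=Value' into a dict (values have no spaces)."""
    return dict(FIELD_RE.findall(line))


def parse_hashes(field: str) -> dict:
    """Sysmon 'Hashes' field: 'MD5=...,SHA256=...' -> {'MD5': ..., 'SHA256': ...}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.upper()] = value.lower()
    return out


def normalize_path(path: str) -> str:
    """Lower-case and replace the profile directory with {user}, as the report does."""
    return USER_DIR_RE.sub(lambda m: "c:\\users\\{user}\\", path.lower())


def run_key_value_name(target_object: str):
    """Return the value name if the registry path is a per-user Run entry."""
    m = RUN_KEY_RE.search(target_object.lower())
    return m.group(1) if m else None


def match_event(ev: dict) -> list:
    """Return the reasons an event matches the report's indicators (empty if none)."""
    reasons = []
    eid = ev.get("EventID")
    image = normalize_path(ev.get("Image", ""))
    if eid == "1":
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("SHA256") == IOC_SHA256 or hashes.get("MD5") == IOC_MD5:
            reasons.append("hash matches report sample")
        if image == IOC_PATH:
            reasons.append("process image at reported drop path")
    elif eid == "13":
        # startswith tolerates a trailing argument such as the '\263' in the report.
        if (run_key_value_name(ev.get("TargetObject", "")) == IOC_RUN_VALUE
                and normalize_path(ev.get("Details", "")).startswith(IOC_PATH)):
            reasons.append("HKCU Run persistence value from report")
    elif eid == "3":
        if ev.get("DestinationIp") == IOC_C2_IP and ev.get("DestinationPort") == str(IOC_C2_PORT):
            reasons.append("connection to reported C2 endpoint")
    return reasons


def scan(lines) -> list:
    """Return (index, reasons) for every event line that matches."""
    hits = []
    for i, line in enumerate(lines):
        reasons = match_event(parse_event(line))
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(why)}")
```

The three checks are deliberately independent: the hash catches the exact sample, the drop path and Run value catch re-built variants that keep the same persistence, and the destination address catches an infected host even when the file has been removed or renamed.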

Powered by Reason Core Security