igfxupdate.exe

Intel Graphics Properties

The executable igfxupdate.exe has been detected as malware by 24 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, consuming the victim's computing power. While running, it connects to the Internet address mail.wonderpatch.org on port 8332.
Publisher:
Intel Corporation*  (Invalid match)

Product:
Intel Graphics Properties

Description:
Updater service

Version:
8.15.10.2622

MD5:
4c2b0369b42a7e4b0e1e3077956da98b

SHA-1:
20360c1e7d0a1f3e283124f87a1536793b85db1e

SHA-256:
7c558047df7337a545abc1fabb6d845447f5608d3eaddbe9a61077e1a028a020

Scanner detections:
24 / 68

Status:
Malware

Explanation:
The program will mine for Bitcoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
7/14/2025 5:26:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.AYXG | 1020 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| avast! | Win32:Crypt-OSV [Trj] | 2014.9-140421 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14421 |
| Bitdefender | Trojan.Agent.AYXG | 1.0.20.555 |
| Comodo Security | UnclassifiedMalware | 17798 |
| Emsisoft Anti-Malware | Trojan.Agent.AYXG | 8.14.04.21.02 |
| ESET NOD32 | Win32/BitCoinMiner | 8.9431 |
| Fortinet FortiGate | W32/BitCoinMiner.O | 4/21/2014 |
| F-Secure | Trojan.Agent.AYXG | 11.2014-21-04_2 |
| G Data | Trojan.Agent.AYXG | 14.4.24 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.11177 |
| McAfee | RDN/Generic PUP.x!bc3 | 5600.7154 |
| MicroWorld eScan | Trojan.Agent.AYXG | 15.0.0.333 |
| nProtect | Trojan.Agent.AYXG | 14.02.16.01 |
| Panda Antivirus | Trj/CI.A | 14.04.21.02 |
| Qihoo 360 Security | Win32/Trojan.8c5 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.8.2.9 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14C6ADBE!348564926 | 23.00.65.14419 |
| Sophos | Mal/Generic-S | 4.97 |
| Trend Micro House Call | TROJ_GEN.R0CBC0OFK13 | 7.2.111 |
| Trend Micro | TROJ_GEN.R0CBC0OFK13 | 10.465.21 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26538 |

File size:
263.5 KB (269,824 bytes)

Product version:
8.15.10.2622

Copyright:
© Intel Corporation. All rights reserved.

Trademarks:
Intel

Original file name:
igfxupdate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\syswow64\igfxupdate.exe

File PE Metadata
Compilation timestamp:
11/14/2012 10:26:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:g1hgI83rLrJ4THj0OANIXNAZ/19UPBSK:a27L8Hj0rNIds/1N

Entry address:
0x12A0

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 34, 42, 44, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 4C, 42, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 40, 42, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 60, 43, 00, E8, 06, 45, 02, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 60, 43, 00, 89, 04, 24, E8, F9, 44, 02, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 30, 44, 00, C7, 04, 24, B8, A0, 43, 00, FF, D0, 8B...
 

Code size:
189 KB (193,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.45.38.9.5.clients.your-server.de  (5.9.38.45:8332)

TCP:
Connects to mail.wonderpatch.org  (144.76.102.176:8332)
