igfxupdate.exe

Intel Graphics Properties

The application igfxupdate.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals and consumes their computing power. While running, it connects to the Internet address static.176.102.76.144.clients.your-server.de on port 8332.

Publisher:
Intel Corporation* (Invalid match)

Product:
Intel Graphics Properties

Description:
Updater service

Version:
8.15.10.2622

MD5:
f5830e8d8a81e83c59b497e660fb5827

SHA-1:
3183ee1b1409d09253f7f147d20e0295cd54d281

SHA-256:
08454ff5800e6d9fd6ef868f27d7123981b909d61e896d7934b6988dac6d5e79

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins in the background using the computer's GPU and may be installed and run without the user's knowledge.

Analysis date:
7/14/2025 4:56:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.BitCoinMiner | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Agent.269312 | 7.11.113.214 |
| avast! | Win32:Downloader-RIF [Trj] | 2014.9-131228 |
| Baidu Antivirus | BitCoinMiner.Win32.O potentially unsafe | 4.0.3.131228 |
| Bitdefender | Gen:Variant.Kazy.134753 | 1.0.20.1810 |
| Comodo Security | UnclassifiedMalware | 17276 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.134753 | 8.13.12.28.06 |
| ESET NOD32 | Win32/BitCoinMiner (variant) | 7.9053 |
| Fortinet FortiGate | W32/BitCoinMiner.O | 12/28/2013 |
| F-Secure | Gen:Variant.Kazy.134753 | 11.2013-28-12_7 |
| G Data | Gen:Variant.Kazy.134753 | 13.12.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| McAfee | RDN/Generic PUP.x!b2r | 5600.7267 |
| MicroWorld eScan | Gen:Variant.Kazy.134753 | 14.0.0.1086 |
| Norman | Troj_Generic.GRNVY | 11.20131228 |
| Panda Antivirus | Trj/Genetic.gen | 13.12.28.06 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PK813 | 7.2.362 |
| Trend Micro | TROJ_GEN.R0CBC0PK813 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23390 |

File size:
263 KB (269,312 bytes)

Product version:
8.15.10.2622

Copyright:
© Intel Corporation. All rights reserved.

Trademarks:
Intel

Original file name:
igfxupdate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\igfxupdate.exe

File PE Metadata

Compilation timestamp:
10/9/2012 11:40:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:fhoQOF0VwzV7DJ4THj0fxlB9IdpHS8pQUPBJ:fKQOF3F8Hj0ZlB9kpy8pd

Entry address:
0x12A0

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 2C, 42, 44, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 44, 42, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 38, 42, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 60, 43, 00, E8, E6, 46, 02, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 60, 43, 00, 89, 04, 24, E8, D9, 46, 02, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 30, 44, 00, C7, 04, 24, B8, A0, 43, 00, FF, D0, 8B...
 

Code size:
189 KB (193,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.45.38.9.5.clients.your-server.de  (5.9.38.45:8332)

TCP:
Connects to static.176.102.76.144.clients.your-server.de  (144.76.102.176:8332)
