home

nvidia-physx_setup.exe

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.windows8downloads.com.
MD5:
d2926e4c0ba0c4f07f3df06856a94238

SHA-1:
afbd9adfec110ae656ba8f86de00c3884a9e763f

SHA-256:
082f09a7e2bf4a5f6ab1adda82b1ab2db4ee7335ad7ce83a83f10831b831b81d

Scanner detections:
27 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 2:27:46 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.9863035
743

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.109.134

Bitdefender
Trojan.Generic.9863035
1.0.20.115

Bkav FE
W32.Clod4ec.Trojan
1.3.0.4261

Comodo Security
Application.Win32.InstallCore.H
18076

Dr.Web
Trojan.Packed.24524
9.0.1.023

Emsisoft Anti-Malware
Trojan.Generic.9863035
8.15.01.23.05

ESET NOD32
Win32/InstallCore.CH (variant)
9.8968

F-Prot
W32/InstallCore.R.gen
v6.4.7.1.166

F-Secure
Trojan.Generic.9863035
11.2015-23-01_6

G Data
Trojan.Generic.9863035
15.1.24

IKARUS anti.virus
Backdoor.Hupigon
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.173.9994

Malwarebytes
PUP.Optional.Freemium.A
v2015.01.23.05

McAfee
Artemis!40367B34B471
5600.6877

MicroWorld eScan
Trojan.Generic.9863035
16.0.0.69

NANO AntiVirus
Riskware.Win32.InstallCore.dcnbcn
0.28.2.61349

Norman
InstallCore.RBUR
11.20150123

nProtect
Trojan.Generic.9863035
14.04.09.01

Panda Antivirus
PUP/MultiToolbar.A
15.01.23.05

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15121

Sophos
Install Core Click run software
4.94

Trend Micro House Call
TROJ_GEN.F47V0913
7.2.23

Trend Micro
TROJ_GEN.R0CBC0EJP13
10.465.23

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

VIPRE Antivirus
InstallCore
22738

File size:
601.2 KB (615,608 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\nvidia-physx_setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:LMJfsGDae337Kq9Y7x4jCso64ImAdCYb5AMNdUKAPkQ8NpcyG7xgEzQzOF4UBEE:LMJfseacrKq9C4jCs2HECg5AMLnvG7uM

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.7535

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file nvidia-physx_setup.exe has been seen being distributed by the following URL.

http://www.windows8downloads.com/.../windows8downloads_installer.exe

Scan nvidia-physx_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.