home

nWiz.exe

NVIDIA nView Wizard, Version 140.84

NVIDIA Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nwiz’.
Publisher:
NVIDIA Corporation  (signed and verified)

Product:
NVIDIA nView Wizard, Version 140.84

Version:
6.14.10.14084

MD5:
01a6164b547454e57f9ae37994b15bcb

SHA-1:
8fdeaeab32aec3405f7ea0b7512e587af349e76f

SHA-256:
27c64ed6ed8236fc7348a159e9dd322018256e32be74a0045c48195a36e5d741

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 2:17:39 AM UTC  (today)

File size:
2.5 MB (2,623,264 bytes)

Product version:
6.14.10.14084

Copyright:
(C) NVIDIA Corporation. All rights reserved.

Original file name:
nWiz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\nvidia corporation\nview\nwiz.exe

Digital Signature
Signed by:
NVIDIA Corporation

Authority:
VeriSign, Inc.

Valid from:
9/2/2011 12:00:00 AM

Valid to:
9/1/2014 11:59:59 PM

Subject:
CN=NVIDIA Corporation, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
43BB437D609866286DD839E1D00309F5

File PE Metadata
Compilation timestamp:
10/10/2013 10:01:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:T8id/3gvOgyOAeamptksq/vuuDqQ6a32WgJhjJHTrmhBeN:oyYtaGJPYBeN

Entry address:
0x3E980

Entry point:
E8, 6F, BE, 00, 00, E9, 78, FE, FF, FF, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, 94, 66, 47, 00, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 57, 8B, F9, C7, 07, 94, 66, 47, 00, 8B, 03, 85, C0, 74, 26, 50, E8, 46, BF, 00, 00, 8B, F0, 46, 56, E8, E0, DC, FF, FF, 59, 59, 89, 47, 04, 85, C0, 74, 12, FF, 33, 56, 50, E8, B5, BE, 00, 00, 83, C4, 0C, EB, 04, 83, 67, 04, 00, C7, 47, 08, 01, 00, 00, 00, 8B, C7, 5F, 5E, 5B, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 94, 66, 47, 00, 8B, 09...
 
[+]

Code size:
448.5 KB (459,264 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nwiz

Command:
C:\Program Files\nvidia corporation\nview\nwiz.exe \installquiet


Scan nWiz.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.