home

ravcpl64.exe

Gerenciador de áudio HD Realtek

Realtek Semiconductor Corp

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RTHDVCPL’.
Publisher:
Realtek Semiconductor  (signed by Realtek Semiconductor Corp)

Product:
Gerenciador de áudio HD Realtek

Version:
1, 0, 0, 927

MD5:
23bfe9f1a871eb2520fb0978509e63ff

SHA-1:
30b5d202136924e67221333eea624fa6009d7c94

SHA-256:
0a47806d115400ee7a5e34de8ac3e61844f8d15dbe5801b898b4a52c29f2b7c4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:01:25 PM UTC  (today)

File size:
13 MB (13,672,152 bytes)

Product version:
1, 0, 0, 927

Copyright:
2013 (c) Realtek Semiconductor. All rights reserved.

Original file name:
RtHDVCpl.exe

File type:
Executable application (Win64 EXE)

Language:
Brazilian Portuguese

Common path:
C:\Program Files\realtek\audio\hda\ravcpl64.exe

Digital Signature
Signed by:
Realtek Semiconductor Corp

Authority:
VeriSign, Inc.

Valid from:
5/12/2013 9:00:00 PM

Valid to:
7/11/2016 8:59:59 PM

Subject:
CN=Realtek Semiconductor Corp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Realtek Semiconductor Corp, L=Hsinchu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13222A5DCCF716DF5AF9C87084412DD9

File PE Metadata
Compilation timestamp:
5/9/2014 6:07:25 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:2TdFyXeVA8LsKv2ZwmIRrWmtslQ7OMCToaLGJxBRPIp2zocB9IwfCcaYREyiN:MyeFT3Ymt2yOHTHaxRWcUSaT

Entry address:
0x20E380

Entry point:
48, 83, EC, 28, E8, 87, 72, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, 7F, FD, 03, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 12, 73, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, D5, 4D, FC, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, CC, CC, CC, CC, 4C, 8D, 41, 11, 48, 83, C2, 11, 4C, 2B, C2, 66, 90, 66, 66, 90, 0F, B6, 0A, 42, 0F, B6, 04, 02, 2B, C8, 75, 08, 48, 83, C2, 01...
 
[+]

Code size:
2.3 MB (2,361,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RTHDVCPL

Command:
"C:\Program Files\realtek\audio\hda\ravcpl64.exe" -s


Scan ravcpl64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.