home

ravcpl64.exe

Диспетчер Realtek HD

Realtek Semiconductor Corp

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RTHDVCPL’.
Publisher:
Realtek Semiconductor  (signed by Realtek Semiconductor Corp)

Product:
Диспетчер Realtek HD

Version:
1, 0, 0, 910

MD5:
85e997b71f03c6855cda828149ee8ec3

SHA-1:
980ffefe54eefcc03c80f27b8f101c61d5a897b2

SHA-256:
8697df62f8a5b0dbf1def01770a3aa7a34102de5b4c0b724494d71929a0da8f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:21:03 AM UTC  (today)

File size:
13 MB (13,662,936 bytes)

Product version:
1, 0, 0, 910

Copyright:
2013 (c) Realtek Semiconductor. All rights reserved.

Original file name:
RtHDVCpl.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\realtek\audio\hda\ravcpl64.exe

Digital Signature
Signed by:
Realtek Semiconductor Corp

Authority:
VeriSign, Inc.

Valid from:
5/13/2013 11:00:00 AM

Valid to:
7/12/2016 10:59:59 AM

Subject:
CN=Realtek Semiconductor Corp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Realtek Semiconductor Corp, L=Hsinchu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13222A5DCCF716DF5AF9C87084412DD9

File PE Metadata
Compilation timestamp:
10/24/2013 4:53:41 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:0ber6q8zEUMCwjeVA8LsKv2ZwmIRrWmtslQ7OMCToaLGJxBRPIp2zocB9ewfCcaT:Aq8zhwjeFT3Ymt2yOHTHaxRWcKSaT

Entry address:
0x20CD70

Entry point:
48, 83, EC, 28, E8, 87, 72, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, 7F, 03, 04, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 12, 73, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, E9, 4D, FC, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, CC, CC, CC, CC, 4C, 8D, 41, 11, 48, 83, C2, 11, 4C, 2B, C2, 66, 90, 66, 66, 90, 0F, B6, 0A, 42, 0F, B6, 04, 02, 2B, C8, 75, 08, 48, 83, C2, 01...
 
[+]

Code size:
2.2 MB (2,355,712 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RTHDVCPL

Command:
"C:\Program Files\realtek\audio\hda\ravcpl64.exe" -s


Scan ravcpl64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.