RtHDVCpl.exe

Microsoft Windows Operating System

Although the version resource names 'Microsoft Corporation' as the publisher, this file is not a Microsoft binary: the resource strings are forged so that it passes for a Windows system file, and the filename itself is borrowed from the Realtek HD Audio control panel, which is not a Microsoft component either. RtHDVCpl.exe has been detected as malware by 23 of the 68 anti-virus scanners. The detection names agree on a .NET (MSIL) injector/downloader, with two engines classifying the payload as a Bitcoin miner, and the path it was found in is the Internet Explorer cache, i.e. it arrived as a browser download rather than through an installer.
Publisher:
Microsoft Corporation*  (claimed in the version resource; the claim does not validate, so it is not evidence of origin)

Product:
Microsoft® Windows® Operating System

Version:
6.1.0

MD5:
ba5bcc150494b05e4cffa173c272c7f5

SHA-1:
541dd8e30d4fc662cb5d4d2c9db87c5caab8415a

SHA-256:
7c8088412693e4da64131071f2de58f94721b085e3a47864aefc942a7374ca64

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/25/2024 7:09:49 PM UTC  (date the report page was generated; the engine versions in the table below date the scan itself to October 2014)

Scan engine             Detection                                   Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.1920524                    838
AegisLab AV Signature   Troj.W32.Gen                                2.1.4+
Agnitum Outpost         Trojan.Injector                             7.1.1
Avira AntiVirus         TR/Injector.ezg.50                          7.11.179.140
avast!                  Win32:Malware-gen                           2014.9-141019
AVG                     MSIL5                                       2015.0.3316
Baidu Antivirus         Trojan.MSIL.Injector                        4.0.3.141019
Bitdefender             Trojan.GenericKD.1920524                    1.0.20.1460
Dr.Web                  Trojan.DownLoader9.28526                    9.0.1.0292
Emsisoft Anti-Malware   Trojan.GenericKD.1920524                    8.14.10.19.10
ESET NOD32              MSIL/Injector.EZG (variant)                 8.10586
Fortinet FortiGate      MSIL/EZG!tr                                 10/19/2014
F-Secure                Trojan.GenericKD.1920524                    11.2014-19-10_1
G Data                  Trojan.GenericKD.1920524                    14.10.24
IKARUS anti.virus       Trojan.MSIL.BitMiner                        t3scan.1.7.8.0
Kaspersky               Trojan.MSIL.BitMiner                        14.0.0.3075
McAfee                  RDN/Generic.dx!dgf                          5600.6972
MicroWorld eScan        Trojan.GenericKD.1920524                    15.0.0.876
NANO AntiVirus          Trojan.Win32.Injector.dgurob                0.28.2.62671
nProtect                Trojan.GenericKD.1920524                    14.10.19.01
Qihoo 360 Security      HEUR/Malware.QVM03.Gen                      1.0.0.1015
Rising Antivirus        PE:Trojan.Win32.Generic.176B114F!392892751  23.00.65.141017
Sophos                  Mal/Generic-S                               4.98

File size:
346 KB (354,304 bytes)

Product version:
6.1.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RtHDVCpl.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\tv8p6d6g\rthdvcpl.exe

File PE Metadata
Compilation timestamp:
10/12/2014 12:27:33 AM

OS version:
4.0  (the MajorOperatingSystemVersion field of the optional header, i.e. the minimum OS the image declares; the usual value for .NET assemblies)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:GCD7NL5QQ1iy6OeWPa4MTBSx4z82zN+b1/yYeJP1s0GCM0R3vtP2jUs1eUBPtLEp:7ZL5QSiyvCXVSx4zu1aPMhCM0JvtejFZ

Entry address:
0x57A46

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, ... (the listing continues with zero bytes)

The first six bytes decode to jmp dword ptr [0x00402000], the standard entry stub of a 32-bit .NET executable: the jump goes through an import slot to mscoree!_CorExeMain, so the native entry point holds no real code and the program logic lives in the managed MSIL body.

Entropy:
7.9478  (on a 0 to 8 scale; a value this close to 8 means almost the whole file is compressed or encrypted, which is consistent with the Injector verdicts above)

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
343 KB (351,232 bytes)
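The indicators above (exact hashes, the .NET entry stub, the CLR header, the link time, the entropy) can be checked offline on a suspect file. The following is an added example written for this page, not code from Reason Core Security: it parses the PE32 header with the standard library only, decodes the FF 25 stub, computes Shannon entropy and compares the file's hashes with the two listed in the report. The minimal PE built by build_sample_pe() is constructed for the demonstration and is not the real sample; all function names are this example's own.

```python
# Added example, not part of the Reason Core report: offline triage of a suspected
# RtHDVCpl.exe drop against the indicators listed above. Only the two hashes below are
# taken from the report; the sample PE built by build_sample_pe() is constructed.
import hashlib
import math
import struct
from datetime import datetime, timezone

KNOWN_BAD_MD5 = "ba5bcc150494b05e4cffa173c272c7f5"
KNOWN_BAD_SHA256 = "7c8088412693e4da64131071f2de58f94721b085e3a47864aefc942a7374ca64"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Values near 8, like the report's 7.9478, mean the
    bulk of the file is compressed or encrypted rather than plain code and data."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_dotnet_stub(entry: bytes):
    """'FF 25 <abs32>' is `jmp dword ptr [abs32]`. In a 32-bit .NET executable the
    slot is the import of mscoree!_CorExeMain, so no native code of the file's own runs.
    Returns the absolute slot address, or None if the bytes are something else."""
    if len(entry) < 6 or entry[:2] != b"\xff\x25":
        return None
    return struct.unpack_from("<I", entry, 2)[0]


def pe_summary(pe: bytes) -> dict:
    """Read the PE32 fields the report lists: link time, linker version, entry RVA,
    the six bytes at the entry point, and whether a CLR header (data directory 14) exists."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections, timestamp = struct.unpack_from("<HI", pe, coff + 2)
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:  # PE32 only, as in the report
        raise ValueError("not a PE32 image")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    clr_rva = struct.unpack_from("<I", pe, opt + 96 + 14 * 8)[0]
    entry_bytes = b""
    for i in range(n_sections):  # map the entry RVA to a file offset via the section table
        sect = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, sect + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_bytes = pe[rawptr + (entry_rva - vaddr):][:6]
    return {
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{pe[opt + 2]}.{pe[opt + 3]}",
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(),
        "clr_header": clr_rva != 0,
    }


def triage(pe: bytes) -> dict:
    """Combine exact-hash matching with the structural indicators from the report."""
    info = pe_summary(pe)
    return {
        **info,
        "hash_match": hashlib.sha256(pe).hexdigest() == KNOWN_BAD_SHA256
        or hashlib.md5(pe).hexdigest() == KNOWN_BAD_MD5,
        "entropy": round(shannon_entropy(pe), 4),
        "dotnet_stub_target": decode_dotnet_stub(bytes.fromhex(info["entry_bytes"])),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for the demo (not the real sample): one .text section at
    RVA 0x2000, a CLR header directory, and the report's six entry bytes at RVA 0x2046."""
    link_time = int(datetime(2014, 10, 12, 0, 27, 33, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, link_time, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)           # PE32 magic, linker 8.0
    struct.pack_into("<I", opt, 16, 0x2046)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 96 + 14 * 8, 0x2008)        # CLR header directory RVA
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x100, 0x2000, 0x200, 0x200) + bytes(16)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    body = bytearray(0x200)
    body[0x46:0x4C] = bytes.fromhex("ff2500204000")         # jmp dword ptr [0x402000]
    return bytes(headers + body)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:>20}: {value}")
```

The exact hashes only catch this one build; a repacked variant has different MD5/SHA-256 values and an ssdeep comparison (omitted here because it needs a third-party library) would be the next step. The structural checks generalise better: a .NET binary sitting in a browser cache directory, carrying Microsoft version strings but no valid signature, with entropy close to 8, is worth pulling for analysis regardless of its hash.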

Powered by Reason Core Security