home

IGFXPERS.EXE

Intel Common User Interface

Intel Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Persistence’.
Publisher:
Intel Corporation

Product:
Intel(R) Common User Interface

Description:
persistence Module

Version:
8.15.10.1986

MD5:
ef09a457090ead765e3382cbc8ca8fec

SHA-1:
8e1012973b1cee810d7c640b35b426b10f109961

SHA-256:
449e1d53843c62f225d3daf53ee7cecceb137a19863f40d060ec20537b8b8035

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/6/2024 11:39:17 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Boost by Reason
Optional.IntelCorporation.Startup
188838

File size:
3.4 MB (3,591,192 bytes)

Product version:
8.15.10.1986

Copyright:
Copyright 1999-2006, Intel Corporation

Original file name:
IGFXPERS.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\igfxpers.exe

File PE Metadata
Compilation timestamp:
10/30/2009 11:44:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:N6rRtbnfGFAWMCiMZGSUTM7/QMURjkjc/IL/3GGzrtDjoNje2yEzttN:krRtbeFAlMZGnTy9UdkjhTntXoSy

Entry address:
0x1219C

Entry point:
60, 89, F8, 76, 0B, C7, C0, C8, 58, 7A, B5, 2D, E1, CD, E1, 68, 0C, 82, 69, D9, B8, A6, AB, 54, F6, C6, E4, 72, 09, 0F, AF, F8, 81, FB, D3, 4A, 18, 9A, 84, F9, 81, FE, DE, DD, 00, 00, F7, C7, C7, 4E, DF, C7, 2B, C0, 68, 6A, D0, 89, 00, 51, 0F, AF, D2, 8A, E8, 8B, C8, EB, 07, 8D, 2D, 93, 10, D1, 21, 4F, F6, C7, DD, 84, F4, E8, 1F, 00, 00, 00, 69, FF, 0F, 28, 4F, 1E, C7, C6, 9C, 68, B3, 45, C6, C1, 5E, 34, B8, 8D, 15, EC, AC, 00, 00, 8B, C6, 81, F2, F6, 00, 00, 00, 5B, 3B, F3, 78, 09, 0F, BF, C0, 8D, 3D, DE...
 
[+]

Entropy:
0.7596

Code size:
125 KB (128,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Persistence

Command:
C:\Windows\System32\igfxpers.exe


Scan IGFXPERS.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.