SHA256: 644694b0bf85fdea8affb8cb00acda647d173319bd8d82c97921203b825c8c90
File name: 644694b0bf85fdea8affb8cb00acda647d173319bd8d82c97921203b825c8c90
Detection ratio: 26 / 52
Analysis date: 2017-09-14 21:22:55 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5983324 20170914
AegisLab Ml.Attribute.Gen!c 20170914
Avira (no cloud) TR/Crypt.ZPACK.wahyx 20170914
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170914
BitDefender Trojan.GenericKD.5983324 20170914
Comodo UnclassifiedMalware 20170914
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170914
Cyren W32/Trojan.BBRO-7101 20170914
Emsisoft Trojan.GenericKD.5983324 (B) 20170914
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AVYE 20170914
Fortinet W32/GenKryptik.AVYE!tr 20170914
GData Win32.Trojan-Spy.Emotet.BV 20170914
Ikarus Trojan.Win32.Krypt 20170914
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Dovs.qx 20170914
Malwarebytes Trojan.Emotet 20170914
MAX malware (ai score=100) 20170914
eScan Trojan.GenericKD.5983324 20170914
Panda Trj/GdSda.A 20170914
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170914
Symantec Trojan.Gen.2 20170914
TrendMicro-HouseCall TROJ_GEN.R002C0WIE17 20170914
ZoneAlarm by Check Point Trojan.Win32.Dovs.qx 20170914
AhnLab-V3 20170914
Alibaba 20170911
ALYac 20170914
Antiy-AVL 20170914
Arcabit 20170914
Avast-Mobile 20170829
CAT-QuickHeal 20170914
ClamAV 20170914
CMC 20170914
DrWeb 20170914
Jiangmin 20170914
K7AntiVirus 20170914
K7GW 20170914
Kingsoft 20170914
NANO-Antivirus 20170914
nProtect 20170914
Palo Alto Networks (Known Signatures) 20170914
Qihoo-360 20170914
SUPERAntiSpyware 20170914
Symantec Mobile Insight 20170914
Tencent 20170914
TheHacker 20170911
TotalDefense 20170914
Trustlook 20170914
VBA32 20170914
ViRobot 20170914
WhiteArmor 20170829
Yandex 20170908
Zoner 20170914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) NVIDIA Corporation. All rights reserved.

Product NVIDIA GeForce Experience
Original name nvspcap.dll
Internal name nvspcap
File version 2.11.4.1
Description NVIDIA Capture Server Proxy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-13 16:21:26
Entry Point 0x0000101E
Number of sections 9
PE sections
PE imports
RegDeleteKeyW
PrintDlgW
ImmGetConversionStatus
GetFileTime
MoveFileExW
lstrlenA
VirtualQuery
lstrcpyA
ExitProcess
GetCommandLineA
GetProcessHeap
VarUI1FromStr
SysStringByteLen
NdrAllocate
PathIsUNCW
GetClipboardViewer
GetUserObjectInformationW
LoadAcceleratorsW
InternetQueryOptionW
waveOutGetErrorTextA
WTHelperCertIsSelfSigned
inet_addr
Number of PE resources by type
RT_BITMAP 15
RT_VERSION 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.11.4.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
0

EntryPoint
0x101e

OriginalFileName
nvspcap.dll

MIMEType
application/octet-stream

LegalCopyright
(C) NVIDIA Corporation. All rights reserved.

FileVersion
2.11.4.1

TimeStamp
2017:09:13 17:21:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
nvspcap

ProductVersion
2.11.4.1

FileDescription
NVIDIA Capture Server Proxy

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NVIDIA Corporation

CodeSize
122368

ProductName
NVIDIA GeForce Experience

ProductVersionNumber
2.11.4.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e44d870530fcea89d212fc2ed3fe74bc
SHA1 1abe4cc5d3f69c570407bbf77c05ee65ce4f1b82
SHA256 644694b0bf85fdea8affb8cb00acda647d173319bd8d82c97921203b825c8c90
ssdeep
3072:ZTlNnEDxBKJek8/K74d8GBRAykSQ1w1O6wyzI:BlNEDxQJek8/KMd8GBRAytQa1O6wyz

authentihash be4f81eeaf72776021f0e4110d97bc1dddb880d2d81ccedd67eca88631886127
imphash 362a17b9bcb2fe55c3aa2a20d91789bf
File size 262.0 KB ( 268288 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-13 17:33:01 UTC ( 1 year, 3 months ago )
Last submission 2018-05-21 22:56:33 UTC ( 6 months, 4 weeks ago )
File names nvspcap
e44d870530fcea89d212fc2ed3fe74bc.vir
db56YNsC.exe
nvspcap.dll