SHA256: 87f6bfad66a50eb98b61c6021a0edcd943fcb0d98fb35273468f7623d220b48c
File name: nvDaemon
Detection ratio: 0 / 65
Analysis date: 2018-04-12 05:24:21 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180412
AegisLab 20180412
AhnLab-V3 20180411
Alibaba 20180411
ALYac 20180412
Arcabit 20180412
Avast 20180412
Avast-Mobile 20180411
AVG 20180412
Avira (no cloud) 20180411
AVware 20180412
Baidu 20180411
BitDefender 20180412
Bkav 20180410
CAT-QuickHeal 20180411
ClamAV 20180412
CMC 20180411
Comodo 20180412
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180412
Cyren 20180412
DrWeb 20180412
eGambit 20180412
Emsisoft 20180412
Endgame 20180403
ESET-NOD32 20180412
F-Prot 20180412
F-Secure 20180412
Fortinet 20180412
GData 20180412
Sophos ML 20180121
Jiangmin 20180411
K7AntiVirus 20180411
K7GW 20180411
Kaspersky 20180411
Kingsoft 20180412
Malwarebytes 20180411
MAX 20180412
McAfee 20180411
McAfee-GW-Edition 20180411
Microsoft 20180411
eScan 20180411
NANO-Antivirus 20180412
nProtect 20180411
Palo Alto Networks (Known Signatures) 20180412
Panda 20180411
Qihoo-360 20180412
Rising 20180412
SentinelOne (Static ML) 20180225
Sophos AV 20180412
SUPERAntiSpyware 20180412
Symantec 20180412
Symantec Mobile Insight 20180412
Tencent 20180412
TheHacker 20180410
TotalDefense 20180412
TrendMicro 20180412
TrendMicro-HouseCall 20180412
Trustlook 20180412
VBA32 20180411
VIPRE 20180412
ViRobot 20180412
Webroot 20180412
WhiteArmor 20180408
Yandex 20180411
Zillya 20180411
ZoneAlarm by Check Point 20180412
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (C) NVIDIA Corporation. All rights reserved.
Product NVIDIA Update Components
Original name daemonu.exe
Internal name nvDaemon
File version 1.5.20.0
Description NVIDIA Settings Update Manager
Signature verification Signed file, verified signature
Signing date 6:04 PM 9/22/2011
Signers
[+] NVIDIA Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 9/2/2011
Valid to 12:59 AM 9/2/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 579AEC4489A2CA8A2A09DF5DC0323634BD8B16B7
Serial number 43 BB 43 7D 60 98 66 28 6D D8 39 E1 D0 03 09 F5
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-22 17:01:52
Entry Point 0x00060288
Number of sections 4
PE sections
Overlays
MD5 e391a8117e933bb5c74501319720b9ab
File type data
Offset 2244608
Size 8512
Entropy 7.33
PE imports
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
ReadConsoleInputA
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryA
RaiseException
EnumSystemLocalesA
SetConsoleCtrlHandler
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
FormatMessageA
CreateEventW
CreateThread
SetEnvironmentVariableW
CreateSemaphoreW
CreateMutexW
GetSystemDirectoryA
SetEnvironmentVariableA
GlobalMemoryStatus
SetUnhandledExceptionFilter
WriteConsoleA
GetModuleHandleExW
SetEndOfFile
GetVersion
GetProcAddress
SleepEx
WriteConsoleW
HeapFree
EnterCriticalSection
PeekNamedPipe
SetHandleCount
SetConsoleMode
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
ExitThread
FreeLibrary
GetStartupInfoA
SystemTimeToFileTime
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetModuleHandleA
InterlockedIncrement
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
HeapCreate
lstrlenA
GetConsoleCP
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
GetCPInfo
VirtualFree
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
OpenMutexW
PeekConsoleInputA
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
UnmapViewOfFile
WriteFile
CreateProcessW
Sleep
TerminateProcess
SetThreadPriority
VirtualAlloc
GetOEMCP
ResetEvent
GetModuleBaseNameA
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
StringFromGUID2
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.5.20.0
UninitializedDataSize 0
LanguageCode Unknown (0009)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 622592
EntryPoint 0x60288
OriginalFileName daemonu.exe
MIMEType application/octet-stream
LegalCopyright (C) NVIDIA Corporation. All rights reserved.
FileVersion 1.5.20.0
TimeStamp 2011:09:22 18:01:52+01:00
FileType Win32 EXE
PEType PE32
InternalName nvDaemon
ProductVersion 1.5.20.0
FileDescription NVIDIA Settings Update Manager
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName NVIDIA Corporation
CodeSize 1617920
ProductName NVIDIA Update Components
ProductVersionNumber 1.5.20.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 03fac29eed869029d5b000805de2de57
SHA1 77d4f5443916b096eb45fc11eb3a4fc7a6cccc5f
SHA256 87f6bfad66a50eb98b61c6021a0edcd943fcb0d98fb35273468f7623d220b48c
ssdeep 49152:u5YDGm/ROPUSCl84EGRXuUjXnXqbA3UXf0DTtpnbDFKBeR:u5YDGm/ROPXuBlXuULn6pXMbNKBeR
authentihash cfb845d1a5065c07fd8f262d6f8b2248841c64082876006d1cb08a54a84082ed
imphash d2a82ff9ef11ee91bf435655bbb630e6
File size 2.1 MB ( 2253120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (37.8%)
Win64 Executable (generic) (33.4%)
Windows screen saver (15.8%)
Win32 Executable (generic) (5.4%)
OS/2 Executable (generic) (2.4%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2011-10-12 15:05:53 UTC ( 7 years, 5 months ago )
Last submission 2014-03-28 11:55:41 UTC ( 4 years, 12 months ago )
File names nvDaemon
vt-upload-sYmAQZ
file-2931828_exe
daemonu.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs