SHA256: b1b63696c4a99f6dbb1eaaa751d635ad5cdbfa792981c40365b77399f3632662
File name: svchost.exe1
Detection ratio: 13 / 70
Analysis date: 2019-02-24 21:48:07 UTC ( 3 months ago )
Antivirus Result Update
Acronis suspicious 20190222
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cybereason malicious.e5f5f0 20190109
Cylance Unsafe 20190224
eGambit PE.Heur.InvalidSig 20190224
Endgame malicious (high confidence) 20190215
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 700000121 ) 20190224
K7GW Trojan ( 700000121 ) 20190224
Qihoo-360 HEUR/QVM03.0.735B.Malware.Gen 20190224
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190223
Trapmine malicious.high.ml.score 20190123
Ad-Aware 20190224
AegisLab 20190224
AhnLab-V3 20190224
Alibaba 20180921
ALYac 20190224
Antiy-AVL 20190224
Arcabit 20190224
Avast 20190224
Avast-Mobile 20190224
AVG 20190224
Avira (no cloud) 20190224
Babable 20180918
Baidu 20190215
BitDefender 20190224
Bkav 20190222
CAT-QuickHeal 20190224
ClamAV 20190224
CMC 20190224
Comodo 20190224
Cyren 20190224
DrWeb 20190224
Emsisoft 20190224
ESET-NOD32 20190224
F-Prot 20190224
F-Secure 20190224
Fortinet 20190224
GData 20190224
Ikarus 20190224
Jiangmin 20190224
Kaspersky 20190224
Kingsoft 20190224
Malwarebytes 20190224
MAX 20190224
McAfee 20190224
McAfee-GW-Edition 20190224
Microsoft 20190224
eScan 20190224
NANO-Antivirus 20190224
Palo Alto Networks (Known Signatures) 20190224
Panda 20190224
Rising 20190224
Sophos AV 20190224
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190224
Tencent 20190224
TheHacker 20190217
TrendMicro 20190226
TrendMicro-HouseCall 20190226
Trustlook 20190224
VBA32 20190222
VIPRE 20190224
ViRobot 20190224
Webroot 20190224
Yandex 20190222
Zillya 20190222
ZoneAlarm by Check Point 20190224
Zoner 20190224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2014 NVIDIA Corporation. All rights reserved.
Product NVIDIA-SMI 340.52
File version 8.17.13.4052
Description NVIDIA-SMI 340.52
Signature verification The digital signature of the object did not verify.
Signing date 4:39 AM 3/5/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-13 23:38:05
Entry Point 0x00046A6E
Number of sections 3
.NET details
Module Version ID 9f3663e9-ef05-151b-04ee-6dde102ed7a0
PE sections
Overlays
MD5 f809df1da82fc92b1e468c3ce79c70b5
File type data
Offset 283648
Size 8024
Entropy 7.36
PE imports
_CorExeMain
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 4
FileVersionNumber 8.17.13.4052
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription NVIDIA-SMI 340.52
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 1536
EntryPoint 0x46a6e
MIMEType application/octet-stream
LegalCopyright (C) 2014 NVIDIA Corporation. All rights reserved.
FileVersion 8.17.13.4052
TimeStamp 2019:02:14 00:38:05+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 8.17.13.4052
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NVIDIA Corporation
CodeSize 281600
ProductName NVIDIA-SMI 340.52
ProductVersionNumber 5.2.3790.1830
FileTypeExtension exe
ObjectFileType Driver
File identification
MD5 85cd885014547939553f8b502a30ec78
SHA1 f912319e5f5f0d02c1c12a2401a6fceef1455372
SHA256 b1b63696c4a99f6dbb1eaaa751d635ad5cdbfa792981c40365b77399f3632662
ssdeep 6144:SQXwLN5UtmCqK4jl9BJkyq2tW2whDWMBLNDhmMGTI6W6WP:ZX6N5Rj9ByMwhDWMrDhmTTdW6WP
authentihash 2e91af1af2ea42e7ae341f2cda1a17fe222e3afb4fd3502370259c1279e4b736
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 284.8 KB ( 291672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe assembly overlay

VirusTotal metadata
First submission 2019-02-24 21:48:07 UTC ( 3 months ago )
Last submission 2019-02-26 23:31:21 UTC ( 2 months, 4 weeks ago )
File names svchost.exe1