igfxme.exe

Cydippid

9-Lab

The executable igfxme.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
Stellar Information System Ltd (signed by 9-Lab)

Product:
Cydippid

Version:
1.00

MD5:
d9489f9882b7bd4e0a99564cca541442

SHA-1:
1b8f9bcec8262ef7905c20a047c0ebe451b28c91

SHA-256:
a32d51eff4d55246cab8dcd72540419ded49b34c4edcbe177eab9536d0c047e1

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/25/2024 6:08:43 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.VB.52994 | 8.3.3.2
avast! | Win32:Malware-gen | 2014.9-160322
AVG | Inject3 | 2017.0.2797
Bkav FE | HW32.Packed | 1.3.0.7744
ESET NOD32 | Win32/Injector.CUWD (variant) | 10.13210
Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1120

File size:
1.3 MB (1,329,088 bytes)

Product version:
1.00

Original file name:
Emumu7.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\igfxme.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/24/2014 2:00:00 AM

Valid to:
1/23/2017 1:59:59 AM

Subject:
CN=9-Lab, O=9-Lab, L=Kiev, S=Ukraine, C=UA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1848D0B7BE06C62579E9C2A728671D49

File PE Metadata
Compilation timestamp:
3/19/2016 11:20:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:9okD1SHbIArJN+CEVwFDUCJ6LPCcB+ADgqaGfm+yqBGHvTkE:ahHkWyCEoP2149qaN+yNvoE

Entry address:
0x1068

Entry point:
68, C4, DC, 52, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 3A, B6, DA, DD, DD, 57, ED, 43, 88, E4, D1, 5F, 33, 79, 59, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 3D, 20, 22, 45, 70, 59, 61, 6D, 73, 74, 63, 68, 69, 6B, 37, 00, 0A, 43, 6C, 69, 65, 00, 00, 00, 00, FF, CC, 31, 00, 01, C1, 01, 7B, 8C, 93, A4, 14, 4F, 8B, DA, C7, 94, 44, BA, 96, 4A, 1E, 77, 67, 5E, 71, 68, 8D, 4C, 89, D7, E0, 8A, 0A, 5A, BF, 15, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
7.9514

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.2 MB (1,294,336 bytes)
