IGFXPERS.EXE

Intel Common User Interface

Intel Corporation

The executable IGFXPERS.EXE, "persistence Module", has been detected as malware by 36 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name 'Persistence'. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware.
Publisher:
Intel Corporation

Product:
Intel(R) Common User Interface

Description:
persistence Module

Version:
8.15.10.2993

MD5:
a85986e16d83208d35453ee382db9dd7

SHA-1:
eaece3a176e34d3f323d9febfdb4d13b370ed6db

SHA-256:
76bbdf7711fd7d781da826b8ad593c744c1bfe80cb43619f6e7d199ca14d56ce

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/1/2025 8:22:30 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | -40
AhnLab V3 Security | Win32/Kashu.E | 3.8.3.16
Avira AntiVirus | W32/Sality.AG | 8.3.3.4
Arcabit | Win32.Sality.3 | 1.0.0.802
avast! | Win32:Kukacka | 2014.9-170315
AVG | Win32/Sality | 2018.0.2438
Baidu Antivirus | Win32.Virus.Sality | 4.0.3.17315
Bitdefender | Win32.Sality.3 | 1.0.20.370
Bkav FE | W32.Sality.PE | 1.3.0.8876
Comodo Security | Virus.Win32.Sality.gen | 26759
Dr.Web | Win32.Sector.30 | 9.0.1.074
Emsisoft Anti-Malware | Win32.Sality | 8.17.03.15.05
ESET NOD32 | Win32/Sality.NBA | 11.15092
F-Prot | W32/Sality.E.gen | v6.4.7.1.166
F-Secure | Win32.Sality.3 | 11.2017-15-03_4
G Data | Win32.Virus.Sality | 17.3.A:25.11192B:25.9090
IKARUS anti.virus | Virus.Win32.Sality | 0.2.1.2
K7 AntiVirus | Virus | 13.10.6.22727
Kaspersky | Virus.Win32.Sality | 14.0.0.-1314
McAfee | W32/Sality.gen.z | 5600.6094
Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.13504.0
MicroWorld eScan | Win32.Sality.3 | 18.0.0.222
NANO AntiVirus | Virus.Win32.Sality.yusp | 1.0.70.15657
nProtect | Virus/W32.Sality.D | 17.03.15.02
Panda Antivirus | W32/Sality.AA | 17.03.15.05
Qihoo 360 Security | Virus.Win32.Sality.I | 1.0.0.1120
Quick Heal | W32.Sality.U | 3.17.14.00
Rising Antivirus | Virus.Sality!1.A5BD (classic) | 23.00.65.17313
Sophos | Mal/Sality-D | 4.98
Total Defense | Win32/Sality.AA | 37.1.62.1
Trend Micro House Call | PE_SALITY.RL | 7.2.74
Trend Micro | PE_SALITY.RL | 10.465.15
Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.4
VIPRE Antivirus | Virus.Win32.Sality.at | 56666
ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Sality.Win32.25 | 2.0.0.3232

File size:
251 KB (257,008 bytes)

Product version:
8.15.10.2993

Copyright:
Copyright 1999-2006, Intel Corporation

Original file name:
IGFXPERS.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\igfxpers.exe

File PE Metadata
Compilation timestamp:
1/31/2013 1:17:52 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1440E

Entry point:
60, FE, C1, 85, D9, 89, C2, 84, F1, 33, C2, BE, AF, D1, 54, B2, 89, D8, 81, DF, 0E, 9F, 9F, E7, 30, EC, F2, 8D, 15, 01, F2, D5, BE, 14, F8, 80, CB, 39, E8, 20, 00, 00, 00, 38, CF, 14, 4D, FE, CF, 8B, F7, FE, CD, 69, DE, 54, 3D, 90, D9, 69, CF, 55, C2, 7C, 5B, 03, D6, FE, C9, 8D, 2D, 95, 4B, C7, F0, F7, C3, 1D, 4B, AB, 9E, F6, C1, A3, 88, C0, 45, 8A, D5, 80, CE, E5, 0F, B7, D3, 8D, 3D, 94, 33, CE, 5E, 81, C9, A7, 4D, 8D, F0, F7, C2, 6F, 03, 01, 25, 03, CF, 89, C9, 69, C8, FE, F3, B6, A5, F3, 8B, FA, FE, CD...

Entropy:
7.2085

Code size:
134 KB (137,216 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Persistence

Command:
C:\Windows\System32\igfxpers.exe
