IGFXTRAY.EXE

Intel Common User Interface

Intel Corporation

The executable IGFXTRAY.EXE has been detected as malware by 35 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IgfxTray’. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server. While running, it connects to the Internet address 85-159-66-62.cizgi.net.tr on port 80 using the HTTP protocol.
Publisher:
Intel Corporation

Product:
Intel(R) Common User Interface

Description:
igfxTray Module

Version:
8.14.10.1930

MD5:
852f5e7d6827e48149f17837720d125f

SHA-1:
2c78beee2b1c65aab3ba12be2d189d1d2d7301b3

SHA-256:
e10389c8717bd1aa149f80fd18b65aa7e8cbaf789bcd5fdeb0029a38be9f464d

Scanner detections:
35 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/22/2025 9:18:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 17.01.27
AhnLab V3 Security | Win32/Kashu.E | 3.8.3.16
Avira AntiVirus | W32/Sality.AT | 8.3.3.4
Arcabit | Win32.Sality.3 | 1.0.0.793
avast! | Win32:SaliCode | 2014.9-170127
AVG | Win32/Sality | 2018.0.2485
Baidu Antivirus | Win32.Virus.Sality | 4.0.3.17127
Bitdefender | Win32.Sality.3 | 1.0.20.135
Comodo Security | Virus.Win32.Sality.gen | 26474
Dr.Web | Win32.Sector.30 | 9.0.1.027
Emsisoft Anti-Malware | Win32.Sality | 8.17.01.27.12
ESET NOD32 | Win32/Sality.NBA | 11.14808
F-Prot | W32/Sality.E.gen | v6.4.7.1.166
F-Secure | Win32.Sality.3 | 11.2017-27-01_6
G Data | Win32.Sality | 17.1.25
IKARUS anti.virus | Trojan.Patched | 0.1.3.4
K7 AntiVirus | Virus | 13.248.22174
Kaspersky | Virus.Win32.Sality | 14.0.0.-1078
McAfee | W32/Sality.gen.z | 5600.6141
Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.13407.0
MicroWorld eScan | Win32.Sality.3 | 18.0.0.81
NANO AntiVirus | Trojan.Win32.Menti.vtwzl | 1.0.70.14475
nProtect | Virus/W32.Sality.D | 17.01.22.01
Panda Antivirus | W32/Sality.AA | 17.01.27.12
Qihoo 360 Security | Virus.Win32.Sality.I | 1.0.0.1120
Quick Heal | W32.Sality.U | 1.17.14.00
Rising Antivirus | Virus.Sality!1.A5BD (classic) | 23.00.65.17125
Sophos | Mal/Sality-D | 4.98
Total Defense | Win32/Sality.AA | 37.1.62.1
Trend Micro House Call | PE_SALITY.RL | 7.2.27
Trend Micro | PE_SALITY.RL | 10.465.27
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.4
VIPRE Antivirus | Virus.Win32.Sality.at | 55410
ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Sality.Win32.25 | 2.0.0.3179

File size:
218.5 KB (223,768 bytes)

Product version:
8.14.10.1930

Copyright:
Copyright 1999-2006, Intel Corporation

Original file name:
IGFXTRAY.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\igfxtray.exe

File PE Metadata
Compilation timestamp:
9/23/2009 8:49:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xC83C

Entry point:
F2, 69, F7, 8A, 8F, 61, 13, 1C, D9, 2A, FE, EB, 0A, B4, C7, FF, C2, F7, C5, 3E, C4, FB, 8C, EB, 09, 0F, B7, C6, 8D, 35, A7, 0B, A7, 91, 89, DD, C7, C5, 11, 94, F1, 42, C6, C3, F0, FE, C1, E8, 6D, 00, 00, 00, 35, 93, D2, 4D, 6B, 20, E2, EB, 01, F2, 0F, BF, DB, 89, CA, BF, A2, 6A, 6D, 50, 3B, F5, 6A, 00, 5A, 81, F7, 3A, 14, B9, 46, F3, 8A, E6, 71, 03, 43, 14, 42, 85, CD, 74, 05, 0F, AF, CD, 86, FF, 68, A0, 34, 04, 00, 80, C8, 0A, FE, C8, 5D, F2, 13, C6, 81, ED, 9F, 34, 04, 00, F3, 0F, C1, EA, 8A, CA, 8D, 0D...

Code size:
95 KB (97,280 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IgfxTray

Command:
C:\Windows\System32\igfxtray.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 85-159-66-62.cizgi.net.tr  (85.159.66.62:80)
