nxqhziwdy.exe

TV Wizard

Small Island Development

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The application nxqhziwdy.exe by Small Island Development has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Small Island Development  (signed and verified)

Product:
TV Wizard

Description:
TVWizard

Version:
1.0.0.0

MD5:
e802a771a5f3c1e83f04f6894d123169

SHA-1:
7830271adb825c36ce354833ff2632570bcb5784

SHA-256:
3b267fb6cd4a8882f617f9ccca32754cc146edd4c82ea061a98ec2f6f0a8953f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
11/15/2024 12:08:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt (M)

Engine version:
17.2.19.7

File size:
48.5 KB (49,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Small Island Development 2015

Original file name:
TVWizard.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\xpzpiqruwrw\dat\nxqhziwdy.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/24/2014 12:00:00 AM

Valid to:
2/22/2016 11:59:59 PM

Subject:
CN=Small Island Development, O=Small Island Development, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2ACB4CDCE993E485342ABFA2BCA95A17

File PE Metadata
Compilation timestamp:
1/31/2015 8:28:51 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xBF5E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6491

Code size:
40 KB (40,960 bytes)
