home

rtkngui64.exe

Realtek HD Audio Manager

Realtek Semiconductor Corp

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RTHDVCPL’.
Publisher:
Realtek Semiconductor  (signed by Realtek Semiconductor Corp)

Product:
Realtek HD Audio Manager

Version:
1.0.519.0

MD5:
3e1a56cc7c3477b7d44b1b3bb74721f1

SHA-1:
2bbaac850e0bd300735b5e9d1429e69294971c87

SHA-256:
7d16dc5848fd63629b9f749a71d127afd6e1c4ca19ffd87ab3274d37c25576e2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 12:40:37 PM UTC  (today)

File size:
8.4 MB (8,844,032 bytes)

Product version:
1.0.519.0

Copyright:
2015 (c) Realtek Semiconductor. All rights reserved.

Original file name:
RtkNGui.exe

File type:
Executable application (Win64 EXE)

Language:
Kinesisk (tradisjonell, Taiwan)

Common path:
C:\Program Files\realtek\audio\hda\rtkngui64.exe

Digital Signature
Signed by:
Realtek Semiconductor Corp

Authority:
VeriSign, Inc.

Subject:
CN=Realtek Semiconductor Corp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Realtek Semiconductor Corp, L=Hsinchu, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13222A5DCCF716DF5AF9C87084412DD9

File PE Metadata
Compilation timestamp:
1/18/2016 9:53:25 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x158A00

Entry point:
48, 83, EC, 28, E8, 47, 91, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 66, 90, 66, 66, 66, 90, 66, 90, 48, 3B, 0D, F1, E8, 0A, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, C1, 91, 00, 00, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, F7, B8, 03, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, F2, 92, 00, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, 21, 10, FE, FF, 48, 8B, C7, 48, 8B...
 
[+]

Code size:
1.5 MB (1,615,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RTHDVCPL

Command:
"C:\Program Files\realtek\audio\hda\rtkngui64.exe" -s


Scan rtkngui64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.