SgfxConfig.exe

ViewSpan System Tray Application

SMSC

The executable SgfxConfig.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SgfxConfig’.
Publisher:
SMSC  (signed and verified)

Product:
ViewSpan System Tray Application

Version:
5.3.0.0

MD5:
fba4c956edfa3a3312a17f2a35deaf86

SHA-1:
2901bca86b4196e61680a179942018bd35a3f387

SHA-256:
e5070b770d859b6dac3a4d890e36fef7577154f18584ced83fc684d22354d64f

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/24/2024 3:37:47 AM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0
F-Prot | W32/Floxif.B | 4.6.5.141
F-Secure | was aborted [F-Secure Aquarius] | 5.15.154

File size:
1.5 MB (1,617,599 bytes)

Product version:
5.3.0.0

Copyright:
Copyright © SMSC 2010 - 2013. All Rights Reserved.

Original file name:
SgfxConfig.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sgfx\sgfxconfig.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/11/2012 5:00:00 AM

Valid to:
11/1/2015 4:59:59 AM

Subject:
CN=SMSC, OU=SSG, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SMSC, L=Hauppauge, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6C83576EC5185F17BB0B7410DB264F3F

File PE Metadata
Compilation timestamp:
5/1/2013 8:15:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:CYzsyFcRmYxgdMdNzd+sAJeZ7BXlzKiYaSW5MqPlm2d4dA2LoU5kTp:CYURmYxFdNssAJeZ7BXlzKiYaS6Msn6Y

Entry address:
0xFC8A1

Entry point:
E9, 99, C3, F7, FF, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 43, C1, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 10, 85, C9, 74, 1B, 8B, 45, 0C, 0F, B7, D0, 8B, C2, C1, E2, 10, 57, 8B, 7D, 08, 0B, C2, D1, E9, F3, AB, 13, C9, 66, F3, AB, 5F, 8B, 45, 08, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 64, 83...
 

Entropy:
6.5352

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.1 MB (1,178,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SgfxConfig

Command:
"C:\Program Files\sgfx\sgfxconfig.exe"

