vdeck.exe

HDAudioCPL

VIA Technologies Inc.

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HDAudDeck’. The file has been seen being downloaded from dc470.4shared.com.

Publisher:
VIA (signed by VIA Technologies Inc.)

Product:
HDAudioCPL

Description:
VIA HD Audio CPL

Version:
9.1.00.32

MD5:
76af2b953788073e9ffdab55e1e64ea8

SHA-1:
8d01f0884df55a841fc9e57448e4d20ca9f71c4e

SHA-256:
7c6ace638c3a21ca6d5d9a02567e3f50f5d44fa2188ce82125776cf8190d1501

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:47:36 PM UTC

File size:
2 MB (2,047,088 bytes)

Product version:
9.1.00.32

Copyright:
(c) <VIA>. All rights reserved.

Trademarks:
20101222

Original file name:
HDAudioCPL.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\via\viaudioi\vdeck\vdeck.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
3/3/2010 9:00:00 PM

Valid to:
3/29/2013 8:59:59 PM

Subject:
CN=VIA Technologies Inc., OU=Taiwan Head Quarter, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=VIA Technologies Inc., L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
397CB8DFD0E35A48DA040980F743C6AB

File PE Metadata

Compilation timestamp:
12/22/2010 5:51:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:tpO83JDnCGG6kHCN60rWPeFZ1m3YuDOxpQjdTgW/:XBr6i0vDOrQBh

Entry address:
0xB74EA

Entry point:
E8, 5B, 50, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, DC, 26, 51, 00, 75, 02, F3, C3, E9, DD, 50, 00, 00, 8B, FF, 51, C7, 01, CC, 3E, 4E, 00, E8, D5, 51, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 0B, 0E, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 17, 52, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D...
 

Code size:
886 KB (907,264 bytes)

Startup File (All Users Run)

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HDAudDeck

Command:
C:\Program Files\via\viaudioi\vdeck\vdeck.exe -r


The file vdeck.exe has been seen being distributed by the following URL.