home

nvbackend.exe

NVIDIA GeForce Experience

NVIDIA Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NvBackend’.
Publisher:
NVIDIA Corporation  (signed and verified)

Product:
NVIDIA GeForce Experience

Description:
NVIDIA GeForce Experience Backend

Version:
10.11.15.0

MD5:
a0012c1d9b8648c20c00202418b9d02f

SHA-1:
f94c48586eda674be3333753bcb9da6d36460b1c

SHA-256:
833afb6bcabbf9991c811d6d1bf2c7b95a584f46d93c6b3f49ca2a8a6be5e657

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/1/2024 12:25:02 AM UTC  (today)

File size:
2.2 MB (2,279,712 bytes)

Product version:
10.11.15.0

Copyright:
(C) 2013 NVIDIA Corporation. All rights reserved.

Original file name:
backend.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\nvidia corporation\update core\nvbackend.exe

Digital Signature
Signed by:
NVIDIA Corporation

Authority:
VeriSign, Inc.

Valid from:
9/2/2011 1:00:00 AM

Valid to:
9/2/2014 12:59:59 AM

Subject:
CN=NVIDIA Corporation, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
43BB437D609866286DD839E1D00309F5

File PE Metadata
Compilation timestamp:
12/10/2013 2:07:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:f/N5iZ4Brag3HDjyaBDpDxbPZFuLqS9Bghky62TkFNmh7Yw7ZQC4CHq:fV5yAr55FpDlhFAqSIkPiw

Entry address:
0x12CCF0

Entry point:
E8, 62, C0, 00, 00, E9, 89, FE, FF, FF, B8, B9, 98, 53, 00, A3, 80, 0D, 5E, 00, C7, 05, 84, 0D, 5E, 00, 92, 8F, 53, 00, C7, 05, 88, 0D, 5E, 00, 46, 8F, 53, 00, C7, 05, 8C, 0D, 5E, 00, 7F, 8F, 53, 00, C7, 05, 90, 0D, 5E, 00, E8, 8E, 53, 00, A3, 94, 0D, 5E, 00, C7, 05, 98, 0D, 5E, 00, 31, 98, 53, 00, C7, 05, 9C, 0D, 5E, 00, 04, 8F, 53, 00, C7, 05, A0, 0D, 5E, 00, 66, 8E, 53, 00, C7, 05, A4, 0D, 5E, 00, F2, 8D, 53, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 90, CB, 00, 00, DB...
 
[+]

Entropy:
6.5054

Code size:
1.5 MB (1,581,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NvBackend

Command:
"C:\Program Files\nvidia corporation\update core\nvbackend.exe"


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.