Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2019-May-22 20:42:02 |
Detected languages |
English - United States
|
Debug artifacts |
C:\dvs\p4\build\sw\rel\gpu_drv\r421\r430_81\drivers\ui\NvSmartMax\NvSmartMaxApp\bin\Release64\NvSmartMaxapp64.pdb
|
Company | NVIDIA Corporation |
FileDescription | NVIDIA Smart Maximise Helper Host |
FileVersion | 6.14.10.100.03 |
InternalName | NvSmartMaxapp64 |
LegalCopyright | (C) NVIDIA Corporation. All rights reserved. |
OriginalFilename | NvSmartMaxapp64.dll |
ProductName | NVIDIA Smart Maximise Helper Host version 100.03 |
ProductVersion | 6.14.10.100.03 |
Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains obfuscated function names:
|
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The PE header may have been manually modified. |
The resource timestamps differ from the PE header:
|
Malicious | The PE's digital signature is invalid. |
Signer: NVIDIA Corporation
Issuer: VeriSign Class 3 Code Signing 2010 CA The file was modified after it was signed. |
Malicious | VirusTotal score: 5/68 (Scanned on 2021-07-28 16:57:55) |
ClamAV:
Win.Downloader.Upatre-9880459-0
Kaspersky: VHO:Trojan-Downloader.Win32.Upatre.izez Microsoft: Trojan:Win32/Wacatac.B!ml GData: Win64.Trojan.Agent.BBG eGambit: PE.Heur.InvalidSig |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2019-May-22 20:42:02 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xae00 |
SizeOfInitializedData | 0x31400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000002278 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3f000 |
SizeOfHeaders | 0x400 |
Checksum | 0x41a99 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetCurrentProcess
Wow64DisableWow64FsRedirection GetEnvironmentVariableW CreateMutexW WaitForSingleObject GetCurrentThreadId OpenEventW GetLastError CloseHandle CreateThread SetCurrentDirectoryW SetDllDirectoryW IsWow64Process CreateFileW FlushFileBuffers SetFilePointerEx GetConsoleMode GetConsoleCP HeapReAlloc HeapSize GetProcessHeap LCMapStringW GetStringTypeW SetStdHandle FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW GetCommandLineA GetCPInfo GetOEMCP IsValidCodePage FindNextFileA FindFirstFileExA FindClose GetFileType RaiseException GetSystemInfo VirtualProtect VirtualQuery FreeLibrary GetModuleHandleW GetProcAddress LoadLibraryExA RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetStartupInfoW RtlUnwindEx SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree LoadLibraryExW GetStdHandle WriteFile GetModuleFileNameA MultiByteToWideChar WideCharToMultiByte ExitProcess GetModuleHandleExW GetACP HeapFree HeapAlloc WriteConsoleW |
---|---|
USER32.dll |
GetMessageW
DefWindowProcW SubtractRect GetWindowRect GetDC SetWindowPos EqualRect MonitorFromRect EnumDisplayMonitors CreateWindowExW SendMessageW RegisterClassExW ShowWindow OffsetRect DispatchMessageW GetMonitorInfoW IsRectEmpty TranslateMessage FindWindowW LoadCursorW PostQuitMessage SystemParametersInfoW UpdateWindow InvalidateRect ReleaseDC |
NvSmartMax64.dll (delay-loaded) |
NvSmartMaxShutdown
NVUnHook NvSmartMaxNotifyAppHWND |
Attributes | 0x1 |
---|---|
Name | NvSmartMax64.dll |
ModuleHandle | 0x15d00 |
DelayImportAddressTable | 0x15cd8 |
DelayImportNameTable | 0x14470 |
BoundDelayImportTable | 0x144d0 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.14.10.10003 |
ProductVersion | 6.14.10.10003 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language | English - United States |
Company | NVIDIA Corporation |
FileDescription | NVIDIA Smart Maximise Helper Host |
FileVersion (#2) | 6.14.10.100.03 |
InternalName | NvSmartMaxapp64 |
LegalCopyright | (C) NVIDIA Corporation. All rights reserved. |
OriginalFilename | NvSmartMaxapp64.dll |
ProductName | NVIDIA Smart Maximise Helper Host version 100.03 |
ProductVersion (#2) | 6.14.10.100.03 |
Resource LangID | English - United States |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 2019-May-22 20:42:02 |
Version | 0.0 |
SizeofData | 138 |
AddressOfRawData | 0x13570 |
PointerToRawData | 0x12770 |
Referenced File | C:\dvs\p4\build\sw\rel\gpu_drv\r421\r430_81\drivers\ui\NvSmartMax\NvSmartMaxApp\bin\Release64\NvSmartMaxapp64.pdb |
Characteristics |
0
|
---|---|
TimeDateStamp | 2019-May-22 20:42:02 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x135fc |
PointerToRawData | 0x127fc |
Characteristics |
0
|
---|---|
TimeDateStamp | 2019-May-22 20:42:02 |
Version | 0.0 |
SizeofData | 820 |
AddressOfRawData | 0x13610 |
PointerToRawData | 0x12810 |
Characteristics |
0
|
---|---|
TimeDateStamp | 2019-May-22 20:42:02 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
Size | 0x94 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140015000 |
XOR Key | 0x8eb276b7 |
---|---|
Unmarked objects | 0 |
ASM objects (24610) | 4 |
C objects (24610) | 10 |
C++ objects (24610) | 125 |
ASM objects (VS2015 UPD3 build 24123) | 7 |
C objects (VS2015 UPD3 build 24123) | 18 |
C++ objects (VS2015 UPD3 build 24123) | 31 |
Imports (24610) | 5 |
Total imports | 137 |
264 (VS2015 UPD3.1 build 24215) | 1 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
151 | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |