What is NvSHIM.exe?
NvSHIM.exe is part of SHIM Application and developed by NVIDIA Corporation according to the NvSHIM.exe version information.
NvSHIM.exe's description is "SHIM utility"
NvSHIM.exe is digitally signed by NVIDIA Corporation.
NvSHIM.exe is usually located in the 'C:\Program Files (x86)\NVIDIA Corporation\Update Core\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about NvSHIM.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on NvSHIM.exe:
| Property | Value |
|---|---|
| Product name | SHIM Application |
| Company name | NVIDIA Corporation |
| File description | SHIM utility |
| Internal name | SHIM |
| Original filename | SHIM.exe |
| Comments | SHIM utility |
| Legal copyright | (C) 2018 NVIDIA Corporation. All rights reserved. |
| Product version | 36.0.0.0 |
| File version | 36.0.0.0 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | SHIM Application |
| Company name | NVIDIA Corporation |
| File description | SHIM utility |
| Internal name | SHIM |
| Original filename | SHIM.exe |
| Comments | SHIM utility |
| Legal copyright | (C) 2018 NVIDIA Corporation. All rig.. |
| Product version | 36.0.0.0 |
| File version | 36.0.0.0 |
Digital signatures [?]
NvSHIM.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | NVIDIA Corporation |
| Certificate issuer name | VeriSign Class 3 Code Signing 2010 CA |
| Certificate serial number | 4fbe0a02426ebd20c26244b5eca652a3 |
VirusTotal report
None of the 67 anti-virus programs at VirusTotal detected the NvSHIM.exe file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"dll_loaded": [
"C:\\Windows\\system32\\winbrand.dll",
"C:\\Windows\\system32\\dsound.dll",
"kernel32",
"C:\\Windows\\system32\\Advapi32.dll",
"WINTRUST.dll",
"kernel32.dll",
"OLEAUT32.dll",
"C:\\Windows\\system32\\kernel32.dll",
"C:\\Windows\\system32\\nvapi.dll",
"dsound.dll",
"ole32.dll",
"setupapi.dll",
"CRYPTSP.dll",
"psapi.dll"
],
"file_opened": [
"C:\\Windows\\Branding\\Basebrd\\basebrd.dll",
"\\??\\C:",
"C:\\Windows\\win.ini",
"C:\\",
"\\??\\PHYSICALDRIVE0"
],
"regkey_opened": [
"HKEY_CLASSES_ROOT\\CLSID\\{25E609E4-B259-11CF-BFC7-444553540000}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Debug\\quartz.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\DirectX Diagnostic Tool",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Global\\NVUpdatus",
"HKEY_CLASSES_ROOT\\CLSID\\{286F484D-375E-4458-A272-B138E2F80A6A}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Global\\NvBackend",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\nForce",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\services\\RiftEnabler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Device Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\NVIDIA Corporation\\Global\\GFExperience",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ComputerName",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Display",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_CURRENT_CONFIG\\System\\CurrentControlSet\\Services\\MNMDD\\DEVICE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{78705f0d-e8db-4b2d-8193-982bdda15ecd}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v1.1.4322",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Enum\\HID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Hardware Profiles\\Current\\Software\\Fonts",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\PCI",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Enum\\USB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}",
"HKEY_CLASSES_ROOT\\CLSID\\{480FF4B0-28B2-11D1-BEF7-00C04FBF8FEF}\\InProcServer32",
"HKEY_CURRENT_USER\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
"HKEY_CURRENT_USER\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
],
"file_exists": [
"C:\\Windows\\System32\\d3d9d.dll",
"C:\\Windows\\System32\\dinput8d.dll",
"C:\\Windows\\System32\\dmusicd.dll",
"C:\\Windows\\System32\\Branding\\Basebrd\\Basebrd.dll"
],
"mutex": [
"Local\\DirectSound DllMain mutex (0x00000680)"
],
"wmi_query": [
"Select * From Win32_NetworkAdapter Where PhysicalAdapter=true",
"Select DeviceID,CurrentClockSpeed,MaxClockSpeed, ExtClock From Win32_Processor\n",
"Select * From Win32_ComputerSystemProduct",
"Select ChassisTypes From Win32_SystemEnclosure",
"Select * From MSSMBios_RawSMBiosTables",
"Select * From Win32_BIOS\n",
"Select Caption From Win32_LogicalDisk where MediaType=11 or MediaType=12\n",
"Select * From Win32_DiskDrive\n",
"ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='C:'} WHERE AssocClass = Win32_LogicalDiskToPartition",
"Select AllocatedBaseSize From Win32_PageFileUsage",
"SELECT Caption FROM Win32_OperatingSystem",
"Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass=Win32_DiskDrive"
],
"guid": [
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{9c6b4cb0-23f8-49cc-a3ed-45a55000a6d2}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{a65b8071-3bfe-4213-9a5b-491da4461ca7}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}"
],
"file_read": [
"C:\\Windows\\win.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Fonts\\LogPixels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{25E609E4-B259-11CF-BFC7-444553540000}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\BuildLab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{480FF4B0-28B2-11D1-BEF7-00C04FBF8FEF}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\VerifyDriverLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Device Parameters\\EDID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\LogPixels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Direct3D\\LoadDebugRuntime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\CurrentBuildNumber",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\PagingFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v3.5\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Driver",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectX\\Command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v3.0\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{286F484D-375E-4458-A272-B138E2F80A6A}\\InProcServer32\\(Default)"
],
"directory_enumerated": [
"C:\\Windows\\Performance\\WinSAT\\DataStore\\*.*"
]
}Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\9132713aca1e351d6e6ec8f2eaf29598098f5a7c2c690138c807a609a28f58ee.bin",
"process_name": "9132713aca1e351d6e6ec8f2eaf29598098f5a7c2c690138c807a609a28f58ee.bin",
"pid": 1664,
"summary": {
"dll_loaded": [
"C:\\Windows\\system32\\winbrand.dll",
"C:\\Windows\\system32\\dsound.dll",
"kernel32",
"C:\\Windows\\system32\\Advapi32.dll",
"WINTRUST.dll",
"kernel32.dll",
"OLEAUT32.dll",
"C:\\Windows\\system32\\kernel32.dll",
"C:\\Windows\\system32\\nvapi.dll",
"dsound.dll",
"ole32.dll",
"setupapi.dll",
"CRYPTSP.dll",
"psapi.dll"
],
"file_opened": [
"C:\\Windows\\Branding\\Basebrd\\basebrd.dll",
"\\??\\C:",
"C:\\Windows\\win.ini",
"C:\\",
"\\??\\PHYSICALDRIVE0"
],
"regkey_opened": [
"HKEY_CLASSES_ROOT\\CLSID\\{25E609E4-B259-11CF-BFC7-444553540000}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Debug\\quartz.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\DirectX Diagnostic Tool",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Global\\NVUpdatus",
"HKEY_CLASSES_ROOT\\CLSID\\{286F484D-375E-4458-A272-B138E2F80A6A}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Global\\NvBackend",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v3.5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\nForce",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\services\\RiftEnabler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Client",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Device Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\NVIDIA Corporation\\Global\\GFExperience",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ComputerName",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Display",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_CURRENT_CONFIG\\System\\CurrentControlSet\\Services\\MNMDD\\DEVICE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{78705f0d-e8db-4b2d-8193-982bdda15ecd}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v1.1.4322",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Enum\\HID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Hardware Profiles\\Current\\Software\\Fonts",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\PCI",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Enum\\USB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}",
"HKEY_CLASSES_ROOT\\CLSID\\{480FF4B0-28B2-11D1-BEF7-00C04FBF8FEF}\\InProcServer32",
"HKEY_CURRENT_USER\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
"HKEY_CURRENT_USER\\Interface\\{027947E1-D731-11CE-A357-000000000001}"
],
"file_exists": [
"C:\\Windows\\System32\\d3d9d.dll",
"C:\\Windows\\System32\\dinput8d.dll",
"C:\\Windows\\System32\\dmusicd.dll",
"C:\\Windows\\System32\\Branding\\Basebrd\\Basebrd.dll"
],
"mutex": [
"Local\\DirectSound DllMain mutex (0x00000680)"
],
"wmi_query": [
"Select * From Win32_NetworkAdapter Where PhysicalAdapter=true",
"Select DeviceID,CurrentClockSpeed,MaxClockSpeed, ExtClock From Win32_Processor\n",
"Select * From Win32_ComputerSystemProduct",
"Select ChassisTypes From Win32_SystemEnclosure",
"Select * From MSSMBios_RawSMBiosTables",
"Select * From Win32_BIOS\n",
"Select Caption From Win32_LogicalDisk where MediaType=11 or MediaType=12\n",
"Select * From Win32_DiskDrive\n",
"ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='C:'} WHERE AssocClass = Win32_LogicalDiskToPartition",
"Select AllocatedBaseSize From Win32_PageFileUsage",
"SELECT Caption FROM Win32_OperatingSystem",
"Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass=Win32_DiskDrive"
],
"guid": [
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{9c6b4cb0-23f8-49cc-a3ed-45a55000a6d2}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{a65b8071-3bfe-4213-9a5b-491da4461ca7}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}"
],
"file_read": [
"C:\\Windows\\win.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Fonts\\LogPixels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{25E609E4-B259-11CF-BFC7-444553540000}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\BuildLab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{480FF4B0-28B2-11D1-BEF7-00C04FBF8FEF}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\VerifyDriverLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Device Parameters\\EDID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\LogPixels",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Direct3D\\LoadDebugRuntime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\CurrentBuildNumber",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\PagingFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v2.0.50727\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v3.5\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\DISPLAY\\Default_Monitor\\4&2abfaa30&0&12345678&00&02\\Driver",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectX\\Command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\NET Framework Setup\\NDP\\v3.0\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{286F484D-375E-4458-A272-B138E2F80A6A}\\InProcServer32\\(Default)"
],
"directory_enumerated": [
"C:\\Windows\\Performance\\WinSAT\\DataStore\\*.*"
]
},
"first_seen": 1582663985.625,
"ppid": 2448
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1582663985.3125,
"ppid": 376
}
]Signatures
[
{
"markcount": 13,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663985.766,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 104
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663985.844,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 152
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663986.938,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 676
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663987.094,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 793
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663987.11,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 843
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663987.141,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 903
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663987.156,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 947
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663987.172,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 989
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663990.516,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1030
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663990.547,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1102
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663990.578,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1181
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663990.703,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1229
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1582663990.703,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1249
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "C:\\dvs\\p4\\build\\sw\\rel\\gfclient\\rel_03_18\\backend\\build\\bin\\Win32\\Release\\NvSHIM.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1582663985.797,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 129
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 1,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"free_bytes_available": 23514992640,
"total_number_of_free_bytes": 23514992640,
"total_number_of_bytes": 34252779520
},
"time": 1582663987.125,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 867
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 12,
"families": [],
"description": "Executes one or more WMI queries",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "Select * From Win32_NetworkAdapter Where PhysicalAdapter=true",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select DeviceID,CurrentClockSpeed,MaxClockSpeed, ExtClock From Win32_Processor\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From Win32_ComputerSystemProduct",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select ChassisTypes From Win32_SystemEnclosure",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From MSSMBios_RawSMBiosTables",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From Win32_BIOS\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select Caption From Win32_LogicalDisk where MediaType=11 or MediaType=12\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From Win32_DiskDrive\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='C:'} WHERE AssocClass = Win32_LogicalDiskToPartition",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select AllocatedBaseSize From Win32_PageFileUsage",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "SELECT Caption FROM Win32_OperatingSystem",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass=Win32_DiskDrive",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_wmi"
},
{
"markcount": 1,
"families": [],
"description": "Checks adapter addresses which can be used to detect virtual network interfaces",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "GetAdaptersAddresses",
"return_value": 0,
"arguments": {
"flags": 256,
"family": 0
},
"time": 1582663990.797,
"tid": 1480,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 1272
}
],
"references": [],
"name": "antivm_network_adapters"
},
{
"markcount": 6,
"families": [],
"description": "Executes one or more WMI queries which can be used to identify virtual machines",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "Select DeviceID,CurrentClockSpeed,MaxClockSpeed, ExtClock From Win32_Processor\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select Caption From Win32_LogicalDisk where MediaType=11 or MediaType=12\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='C:'} WHERE AssocClass = Win32_LogicalDiskToPartition",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From Win32_BIOS\n",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Select * From Win32_ComputerSystemProduct",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass=Win32_DiskDrive",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "wmi_antivm"
},
{
"markcount": 2,
"families": [],
"description": "Queries information on disks, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "NtCreateFile",
"return_value": 0,
"arguments": {
"create_disposition": 1,
"file_handle": "0x000001b0",
"filepath": "\\??\\PHYSICALDRIVE0",
"desired_access": "0xc0100080",
"file_attributes": 0,
"filepath_r": "\\??\\PHYSICALDRIVE0",
"create_options": 96,
"status_info": 1,
"share_access": 3
},
"time": 1582663987.11,
"tid": 1480,
"flags": {
"create_disposition": "FILE_OPEN",
"desired_access": "FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE",
"create_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT",
"file_attributes": "",
"status_info": "FILE_OPENED",
"share_access": "FILE_SHARE_READ|FILE_SHARE_WRITE"
}
},
"pid": 1664,
"type": "call",
"cid": 818
},
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "DeviceIoControl",
"return_value": 1,
"arguments": {
"input_buffer": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"device_handle": "0x000001b0",
"control_code": 2954240,
"output_buffer": "(\u0000\u0000\u0000\u00a7\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000L\u0000\u0000\u0000u\u0000\u0000\u0000~\u0000\u0000\u0000\u000b\u0000\u0000\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002 \u0000\u0000\u0000VBOX HARDDISK\u0000 1.0\u0000VBOX HARDDISK\u0000 \u00001.0\u0000 \u000042563830336138373334382d3132306438352066\u0000"
},
"time": 1582663987.11,
"tid": 1480,
"flags": {
"control_code": ""
}
},
"pid": 1664,
"type": "call",
"cid": 821
}
],
"references": [],
"name": "antivm_generic_disk"
},
{
"markcount": 1,
"families": [],
"description": "Detects Virtual Machines through their custom firmware",
"severity": 3,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "NtQuerySystemInformation",
"return_value": 3221225507,
"arguments": {
"information_class": 76
},
"time": 1582663985.875,
"tid": 1480,
"flags": {
"information_class": "SystemFirmwareTableInformation"
}
},
"pid": 1664,
"type": "call",
"cid": 306
}
],
"references": [],
"name": "antivm_firmware"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.212290048599243,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6198,
"time": 6.1649370193481445,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6526,
"time": 4.151344060897827,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 6854,
"time": 6.1812779903411865,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7182,
"time": 4.651428937911987,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7510,
"time": 3.0292270183563232,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 7838,
"time": 4.664798021316528,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 22990,
"time": 4.173925876617432,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 31374,
"time": 6.262228965759277,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "deaf64048c80322b9fd20596c922ca5f1d1b8a2cd2817fef31c5e96bd1bb27ff",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "16d9b539ca7ecec26347047fa23fc13eae916284864c18b423fb6b02093d0d01",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 6df4151e5b404108edf7f60920581b58 |
| SHA256 | 9132713aca1e351d6e6ec8f2eaf29598098f5a7c2c690138c807a609a28f58ee |
Error Messages
These are some of the error messages that can appear related to nvshim.exe:
nvshim.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
nvshim.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
SHIM utility has stopped working.
End Program - nvshim.exe. This program is not responding.
nvshim.exe is not a valid Win32 application.
nvshim.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with NvSHIM.exe?
To help other users, please let us know what you will do with NvSHIM.exe:
What did other users do?
The poll result listed below shows what users chose to do with NvSHIM.exe. 58% have voted for removal. Based on votes from 55 users.
NOTE: Please do not use this poll as the only source of input to determine what you will do with NvSHIM.exe.
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
this file is prompting my controlled access feature in windows 10 to give red flags . please help
# 20 Aug 2020, 6:32
Pieces writes
0 thumbs
I don't know what this thing is for or what it does, but it certainly isn't an outside program. That said, I have a little suspicion that it is a listener program that Nvidia and Windows co-developed. I have more global news to back that up than actual data since I can't get any answers about this thing at all. Wouldn't be the first time this was the case.
# 11 Feb 2021, 14:26
ar2 writes
0 thumbs
its really nice website. good idea.
But I'm missing here most important answers:
- what dose this app do?
- why NVIDIA decided to put it on my machine without asking
- is it critical/necessary to run my machine
i basically keep only necessary apps. Everything else.. is just junk, bloat ware
# 3 Sep 2022, 1:23
ar2 writes
0 thumbs
its really nice website. good idea.
But I'm missing here most important answers:
- what dose this app do?
- why NVIDIA decided to put it on my machine without asking
- is it critical/necessary to run my machine
i basically keep only necessary apps. Everything else.. is just junk, bloat ware
# 3 Sep 2022, 1:23
Patricktam writes
0 thumbs
This portal provides access to a large variety of video slots, designed for different gaming styles.
Here, you can explore traditional machines, new generation slots, and jackpot slots with high-quality visuals and immersive sound.
If you are into simple gameplay or seek complex features, you’ll find a perfect match.
http://konstruktiv.getbb.ru/viewtopic.php?f=18&t=14190
All games are available 24/7, no download needed, and fully optimized for both all devices.
Besides slots, the site features slot guides, bonuses, and user ratings to enhance your experience.
Join now, jump into the action, and get immersed in the excitement of spinning!
# 4 Apr 2025, 15:43
How to kill yourself painless writes
0 thumbs
Taking one's own life is a complex topic that impacts millions of people worldwide.
It is often linked to mental health issues, such as anxiety, stress, or substance abuse.
People who consider suicide may feel trapped and believe there’s no solution.
<a href="https://how-to-kill-yourself.com/">fast way to kill yourself</a>
It is important to raise awareness about this topic and support those in need.
Early support can save lives, and finding help is a brave first step.
If you or someone you know is struggling, please seek help.
You are not alone, and help is available.
# 6 Apr 2025, 1:20
JonahPoerm writes
0 thumbs
Здесь вам открывается шанс испытать обширной коллекцией игровых слотов.
Игровые автоматы характеризуются красочной графикой и захватывающим игровым процессом.
Каждая игра даёт особые бонусные возможности, повышающие вероятность победы.
<a href="http://www.alyathreb.com/2025/02/08/1win-premier-online-betting-and-casino-gaming-in-135/">1win games</a>
Игра в игровые автоматы предназначена игроков всех уровней.
Вы можете играть бесплатно, а затем перейти к игре на реальные деньги.
Попробуйте свои силы и окунитесь в захватывающий мир слотов.
# 7 Apr 2025, 4:30
helpless user writes