d2dh1mgp.exe

SlimDrivers

Slimware Utilities Holdings, Inc.

The file d2dh1mgp.exe, “SlimDrivers Setup Wizard” by Slimware Utilities Holdings, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been observed being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
SlimWare Utilities, Inc.  (signed by Slimware Utilities Holdings, Inc.)

Product:
SlimDrivers

Description:
SlimDrivers Setup Wizard

Version:
2.0.0

MD5:
b646044ba5f0dd4ebb1e8d9a2bda7f46

SHA-1:
1e13b73fbc795e444f6ea69d02b17298ba45a86d

SHA-256:
f6ef2b41fe873c2a08ea270fa54bc36d835b9202fb14fc67eb60898ceb4f4237

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:20:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Slimware.Optional.Installer.Meta (M)

Engine version:
16.4.26.21

File size:
958.7 KB (981,728 bytes)

Product version:
2.0.0

Copyright:
Copyright SlimWare Utilities, Inc. 2011-2015

Original file name:
SlimDrivers-setup.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\d2dh1mgp.exe.part

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/22/2015 6:00:00 PM

Valid to:
1/6/2018 5:59:59 PM

Subject:
CN="Slimware Utilities Holdings, Inc.", O="Slimware Utilities Holdings, Inc.", L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
246BBE812B36C137225497BA8DF178FA

File PE Metadata
Compilation timestamp:
2/25/2015 10:27:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:oIZLwDshZ2p6j2y4LcmXjxEL/hPKHvcXqFApycRpB9EF3J8Qf:PZ0S2p6KIE6LJEvcpyc3nEFuQf

Entry address:
0x2F69C

Code size:
300 KB (307,200 bytes)

The file d2dh1mgp.exe has been seen being distributed by the following 12 URLs.

The executing file has been seen to make the following network communications in live environments.
