dc_setup.exe

Driver Checker

Guangxi Nanning Qiwang Co. Ltd.

The application dc_setup.exe, “Driver Checker Setup” by Guangxi Nanning Qiwang Co, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program Driver Checker v2.7.5 by driverchecker.com, Inc. The file has been seen being downloaded from download1735.mediafire.com and multiple other hosts.

Publisher:
driverchecker.com, Inc.   (signed by Guangxi Nanning Qiwang Co. Ltd.)

Product:
Driver Checker

Description:
Driver Checker Setup

Version:
2.7.5

MD5:
c16a6a7018901c5191404722d9b11c43

SHA-1:
ac69c0f30ee0e71f8f95896b7cb749a4dc57adc3

SHA-256:
73270a091e27031edb01a1fd898e3ff76497fa66fd4104c84f49e7ad441f30f9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 4:48:26 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.GuangxiNanningQiwangCo.I

Engine version:
14.2.16.4

File size:
5.5 MB (5,760,144 bytes)

Product version:
2.7.5

Copyright:
Copyright(C) 2009 - 2012 DriverChecker.com, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\dc_setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/29/2011 2:00:00 AM

Valid to:
6/29/2014 1:59:59 AM

Subject:
CN=Guangxi Nanning Qiwang Co. Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Guangxi Nanning Qiwang Co. Ltd., L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
058EFD81CFC178B930CAA249710DE3B1

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:DoZ1zfXBY9NU/6bZs5Bzfn0zf4W+aoMGn5mXzklV/A1iXTTZ5dRbIidRWjvPIjhl:mzfRY7Z4Bn0r4J1n5mXzkl5T/bIidR2Q

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file dc_setup.exe has been discovered within the following program.

Driver Checker v2.7.5  by driverchecker.com, Inc.
Publisher's description - “Drivers may relate to small software programs and share the same files. If any of the files is damaged which results in corrupted and outdated drivers, errors will occur on your computer endlessly.”
www.driverchecker.com
50% remove it
 
Powered by Should I Remove It?

The file dc_setup.exe has been seen being distributed by the following 21 URLs.
