home

devicedoctor.exe

Device Doctor

Smart PC Solutions, Inc.

The application devicedoctor.exe, “Fast, easy and safe way to update your drivers” by Smart PC Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address static.105.2.9.176.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
Device Doctor Software Inc.  (signed by Smart PC Solutions, Inc.)

Product:
Device Doctor

Description:
Fast, easy and safe way to update your drivers

Version:
2.1.0.0

MD5:
13f62288a7cbc07aae784d53ff447f92

SHA-1:
af530b3376bee7fcbf57fad929e53f1215e96ff4

SHA-256:
57df8d9dfd81acb590a44b5666fafa958bbe97023ffed27050777b01ad087dd9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 2:34:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.SmartPCSolutions.M
14.6.10.14

File size:
1.7 MB (1,759,888 bytes)

Product version:
2.1.0.0

Copyright:
Device Doctor Software Inc.

Trademarks:
Device Doctor Software Inc.

Original file name:
DeviceDoctor

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\device doctor\devicedoctor.exe

Digital Signature
Signed by:
Smart PC Solutions, Inc.

Authority:
VeriSign, Inc.

Valid from:
4/5/2011 3:00:00 AM

Valid to:
5/30/2014 2:59:59 AM

Subject:
CN="Smart PC Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Smart PC Solutions, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
502E76B6ACDCDE4F3336BF9286946063

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dSc9p4XqSA1HAegNeYdb4OJEW63h6wpHJqrjR8ZPSxY:db/pAbV23h6wFAR8Z6xY

Entry address:
0x10F538

Entry point:
55, 8B, EC, 83, C4, E4, 53, 56, 57, 33, C0, 89, 45, EC, 89, 45, E8, 89, 45, E4, B8, 60, F0, 50, 00, E8, 9A, 73, EF, FF, 33, C0, 55, 68, 7A, F6, 50, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, B8, 01, 00, 00, 00, E8, 1B, 35, EF, FF, 8B, 45, E4, 8D, 55, E8, E8, 7C, 9B, EF, FF, 8B, 45, E8, 8D, 55, EC, E8, 81, 97, EF, FF, 8B, 55, EC, A1, D8, 27, 51, 00, E8, 4C, 4D, EF, FF, 68, 8C, F6, 50, 00, 6A, 00, 68, 01, 00, 1F, 00, E8, C7, 78, EF, FF, 85, C0, 75, 10, 68, 8C, F6, 50, 00, 6A, 00, 6A, 00, E8, 05, 76, EF, FF, EB...
 
[+]

Entropy:
6.8553

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,107,968 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.105.2.9.176.clients.your-server.de  (176.9.2.105:80)

TCP (HTTP):
Connects to static.106.2.9.176.clients.your-server.de  (176.9.2.106:80)

Remove devicedoctor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.