driver genius professional 15._3@23419.exe

downer for windows

Wang Xin'gang

The application driver genius professional 15._3@23419.exe by Wang Xin'gang has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from xz.119g.com and multiple other hosts.
Publisher:
Riyue peer information technology (Beijing) Co., Ltd (signed by Wang Xin'gang)

Product:
downer for windows

Version:
1.2.0.0

MD5:
7aeced2d54ccaaa3c92b61b8a9e6db9e

SHA-1:
3e90785a0864b160b63fd6984eed04a528153a46

SHA-256:
8046a49556d83f81da353403c75d0ba5dc90c1ec392b71943d9ec0bf4e08f0e4

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:28:27 PM UTC

Scan engine          | Detection                                              | Engine version
avast!               | Win32:Malware-gen                                      | 2014.9-151127
AVG                  | Generic                                                | 2016.0.2913
Baidu Antivirus      | PUA.Win32.Gaofenquming                                 | 4.0.3.151127
ESET NOD32           | Win32/Gaofenquming.A potentially unwanted (variant)    | 9.12629
Fortinet FortiGate   | Riskware/Gaofenquming                                  | 11/27/2015
IKARUS anti.virus    | Trojan-Banker.Win32.Delf                               | t3scan.1.9.5.0
K7 AntiVirus         | Adware                                                 | 13.212.17982
Kaspersky            | not-a-virus:AdWare.Win32.Agent                         | 14.0.0.1058
McAfee               | Artemis!7AECED2D54CC                                   | 5600.6569
NANO AntiVirus       | Riskware.Win32.Downware.dxtnim                         | 0.30.26.4751
Panda Antivirus      | Generic Suspicious                                     | 15.11.27.11
Reason Heuristics    | Threat.Win.Reputation.IMP                              | 15.11.27.23
Sophos               | Generic PUA DO (PUA)                                   | 4.98
Vba32 AntiVirus      | AdWare.Agent                                           | 3.12.26.4
VIPRE Antivirus      | Trojan.Win32.Generic                                   | 45446
Zillya! Antivirus    | Worm.Allaple.Win32.26832                               | 2.0.0.2534

File size:
2.6 MB (2,721,280 bytes)

Product version:
1.2.0.0

Copyright:
Riyue peer information technology (Beijing) Co., Ltd

Original file name:
downer

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\downloads\programs\driver genius professional 15._3@23419.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
4/16/2015 2:21:52 PM

Valid to:
4/16/2016 3:21:52 PM

Subject:
CN=Wang Xin'gang, L=Baicheng, S=Jilin, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2108C800D6BA37F4A70D21559AF73CF5

File PE Metadata
Compilation timestamp:
9/25/2015 4:33:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hVEGQs1XkKn21Lc9fgVbWpYbKz4DgDjawyEgIO4YZ+wLhnzkexAd:hVEGRCc6ViyoyEWZ+wtod

Entry address:
0x782720

Entry point:
60, BE, 00, 40, 8F, 00, 8D, BE, 00, D0, B0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.9086

Packer / compiler:
UPX 2.90LZMA

Code size:
2.6 MB (2,682,880 bytes)

The file driver genius professional 15._3@23419.exe has been seen being distributed by the following 2 URLs.

http://xz.119g.com/download?webid=25&softid=6F8A1A067BED4B2B&softname=??????????BT???...

Remove driver genius professional 15._3@23419.exe - Powered by Reason Core Security