driver update.exe

PC Driver Kit

Install Manager

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application driver update.exe, “PC Driver Kit” by Install Manager, has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from e5hzz.instante.sweepsummer.eu.
Publisher:
Install Manager   (signed by Install Manager)

Product:
PC Driver Kit

Description:
PC Driver Kit

Version:
2.0.56.0

MD5:
d278da4abdffe2cba01e305f6c8a1264

SHA-1:
17a5de469a6b83e16ad04a41ad1152d1a9065709

SHA-256:
2abfdde37dc80b54f6cc2577d22585b62569acad46f26392f7bb11d8737ff266

Scanner detections:
29 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 5:22:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.153852 | 364 |
| Agnitum Outpost | PUA.AirAd | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Installer | 2015.01.09 |
| Avira AntiVirus | Adware/InstallCo.zka | 7.11.200.58 |
| avast! | Win32:Adware-BZI [PUP] | 2014.9-160206 |
| AVG | Generic | 2017.0.2842 |
| Baidu Antivirus | PUA.Win32.AirAdInstaller | 4.0.3.1626 |
| Bitdefender | Gen:Variant.Application.Bundler.Graftor.155900 | 1.0.20.185 |
| Bkav FE | W32.HfsAdware | 1.3.0.6267 |
| Dr.Web | Trojan.SMSSend.5502 | 9.0.1.037 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.153852 | 8.16.02.06.10 |
| ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-a607985a | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.153852 | 11.2016-06-02_7 |
| G Data | Gen:Variant.Adware.Graftor.153852 | 16.2.24 |
| IKARUS anti.virus | PUA.AirAdInstaller | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.190.14587 |
| Kaspersky | not-a-virus:AdWare.Win32.AirAdInstaller | 14.0.0.703 |
| Malwarebytes | PUP.Optional.AirInstaller | v2016.02.06.10 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.153852 | 17.0.0.111 |
| NANO AntiVirus | Trojan.Win32.SMSSend.dfptxm | 0.30.0.64448 |
| Norman | Gen:Variant.Adware.Graftor.153852 | 11.20160206 |
| nProtect | Trojan-Clicker/W32.AirAdInstaller.934296.B | 15.01.08.01 |
| Reason Heuristics | PUP.Adknowledge.InstallManager.Installer (M) | 16.2.6.10 |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 23.00.65.16204 |
| Sophos | PUA 'AirInstaller' | 59 |
| Vba32 AntiVirus | AdWare.AirAdInstaller | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36496 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.44626 | 2.0.0.2029 |

File size:
897.4 KB (918,936 bytes)

Product version:
2.0.56.0

Copyright:
(c) Install Manager

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\driver update.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/6/2013 7:00:00 PM

Valid to:
8/11/2015 7:00:00 AM

Subject:
CN=Install Manager, O=Install Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C0BBB90999729C33560EC18A203261

File PE Metadata
Compilation timestamp:
8/19/2014 11:29:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:al8MdhuJy9Z1ARjpQ4kvoCHCr21oUQAh5UcyHBWGktXE46SAjKvHWDialK6+oUdH:al8MdwyzXHvH0cuBytmVD7K6+pdCfWlP

Entry address:
0x297BE0

Entry point:
60, BE, 00, 80, 5C, 00, 8D, BE, 00, 90, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.8743

Packer / compiler:
UPX 2.90LZMA

Code size:
832 KB (851,968 bytes)

The file driver update.exe has been seen being distributed by the following URL.
