driver_booster_setup.exe

AnVir Software

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from cs00.superfiles.me.
Publisher:
AnVir Software  (signed and verified)

MD5:
02fa1308a0b03b37373252542da11f3e

SHA-1:
fe92300bcc466cf0dfc70a38c36b297094d6c0e0

SHA-256:
7c2eaaca2ca838424214cd58c7a708d8d9f4db91caf62aa786b2b5ec1ab40e46

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/13/2025 8:58:57 AM UTC  (today)

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6979
Dr.Web | Program.Unwanted.416 | 9.0.1.0363
G Data | Win32.Adware.iObit | 15.12.25
Rising Antivirus | PE:Trojan.RuMail!1.6574 | 23.00.65.151227

File size:
21.2 MB (22,237,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\?????????\driver_booster_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/27/2011 3:00:00 AM

Valid to:
9/27/2014 2:59:59 AM

Subject:
CN=AnVir Software, O=AnVir Software, STREET=29 Altaiskaya ul., L=Moscow, S=Moscow, PostalCode=107589, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6BA3E1478E3A2F8975212409D192880E

File PE Metadata
Compilation timestamp:
9/26/2011 4:21:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:UjVtYS56jwTb8G+46McDegfqVv6yy/tmelvDccPEGEU0LDXi91cHdRgnio2cA:mIS56UTb8d4exqVv6yy/se5DqU8Xi91w

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file driver_booster_setup.exe has been discovered within the following program.

Driver Booster  by IObit
Publisher's description - “Outdated drivers may heavily affect your PC performance and lead to system crashes. Driver Booster scans and identifies outdated drivers automatically, and downloads and installs the right update for you with just ONE click, saving you loads of time.”
www.iobit.com
43% remove it
 

The file driver_booster_setup.exe has been seen being distributed by the following URL.
