driver_genuis_17_de_r.exe

Driver Genius

Driver Information Technology Co., Ltd.

The application driver_genuis_17_de_r.exe, “Driver Genius Setup” by Driver Information Technology Co., Ltd., has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners. The single detection is heuristic (PUP.InstallCore.CSH), so it should be read as evidence that the installer carries bundled offers rather than as a confirmed malware verdict. The program is a setup application built with the Inno Setup installer. The setup uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from downloads.upclick.com and shop.avanquest.com.
Publisher:
Driver-Soft Inc. (signed by Driver Information Technology Co., Ltd.)

Product:
Driver Genius

Description:
Driver Genius Setup

Version:
17.0

MD5:
3fd67e6c750ae856ed1a8b91f1e33150

SHA-1:
6fe5a7055daebbea14f59cbadcc9d6d71c9ccd56

SHA-256:
0e0b8b9ef20c26d2f7dec01b5958b58b1d5937ad0ca016f7e671734ed124e6e6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 6:17:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
17.1.25.16

File size:
10.3 MB (10,811,096 bytes)

Product version:
17.0

Copyright:
Copyright © 2002-2017 Driver-Soft Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\driver_genuis_17_de_r.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/13/2016 1:00:00 AM

Valid to:
8/20/2017 1:59:59 AM

Subject:
CN="Driver Information Technology Co., Ltd.", O="Driver Information Technology Co., Ltd.", L=ChangSha, S=HuNan, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
19889469F66712E6654578C53844C7C1

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM (the fixed TimeDateStamp 0x2A425E19 that Borland/Delphi-era linkers write into every build, 1992-06-19 22:22:17 UTC, shown here with a local-time offset; together with linker version 2.25 it marks a Delphi-built Inno Setup stub and says nothing about when the file was actually built, so it must not be used for timeline analysis)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)
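The PE metadata fields above (compilation timestamp, OS version, subsystem, linker version, entry address, entry-point bytes, code size) come straight from the file's COFF header, optional header and section table. The following Python is an added example written for this page, not code from Reason Core Security or from the Driver Genius installer. It parses those fields from raw PE bytes, flags the Borland/Delphi constant timestamp, and translates the entry RVA to a file offset to read the first bytes. Because the installer itself is not on this page, build_sample_pe() constructs a minimal PE32 image in memory whose header values are copied from the report (timestamp 0x2A425E19, linker 2.25, OS version 1.0, GUI subsystem, entry 0xAA98, code size 41,472) and whose only non-zero body bytes are the first 22 entry-point bytes listed above; the .text layout (RVA 0x1000 at file offset 0x400) and the remaining header constants are assumptions.

```python
import datetime
import struct

# TimeDateStamp that Borland/Delphi-era linkers write regardless of build date:
# 0x2A425E19 = 1992-06-19 22:22:17 UTC. It identifies the toolchain, not the build time.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# First 22 entry-point bytes copied from the report's listing above.
ENTRY_BYTES_FROM_REPORT = bytes.fromhex(
    "558BEC83C4C453565733C08945F08945DCE82E86FFFF")


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for sec in sections:
        span = max(sec["virtual_size"], sec["raw_size"])
        if sec["virtual_address"] <= rva < sec["virtual_address"] + span:
            return rva - sec["virtual_address"] + sec["raw_pointer"]
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def parse_pe(data):
    """Extract the header fields a scanner report lists from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    (magic, maj_link, min_link, size_of_code, _init, _uninit,
     entry_rva) = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%X" % magic)
    # OS version sits at +40 and Subsystem at +68 in both PE32 and PE32+ layouts.
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):                       # 40-byte IMAGE_SECTION_HEADERs
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_pointer": rptr})
    entry_off = rva_to_offset(sections, entry_rva)
    entry = data[entry_off:entry_off + 16]
    built = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_time_utc": built.strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_is_delphi_constant": timestamp == DELPHI_FIXED_TIMESTAMP,
        "linker_version": "%d.%d" % (maj_link, min_link),
        "os_version": "%d.%d" % (maj_os, min_os),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_file_offset": entry_off,
        "entry_bytes": " ".join("%02X" % b for b in entry),
        # push ebp / mov ebp,esp / add esp,imm8: the frame setup Delphi emits for
        # its program entry; a weak toolchain hint to pair with the timestamp.
        "borland_style_prologue": entry[:5] == b"\x55\x8B\xEC\x83\xC4",
    }


def build_sample_pe():
    """Constructed minimal PE32 whose header values are taken from the report;
    the .text layout (RVA 0x1000 at file offset 0x400) is an assumption."""
    text_rva, text_raw, text_size, entry_rva = 0x1000, 0x400, 0xA200, 0xAA98
    img = bytearray(text_raw + text_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                     # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    coff = 0x84
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, 1,           # i386, one section
                     DELPHI_FIXED_TIMESTAMP, 0, 0, 0xE0, 0x010F)
    opt = coff + 20
    struct.pack_into("<HBBIIIIIIIII", img, opt, 0x10B, 2, 25,   # PE32, linker 2.25
                     text_size, 0, 0, entry_rva, text_rva, 0xC000,
                     0x400000, 0x1000, 0x200)
    struct.pack_into("<HH", img, opt + 40, 1, 0)                 # OS version 1.0
    struct.pack_into("<HH", img, opt + 48, 4, 0)                 # subsystem version 4.0
    struct.pack_into("<H", img, opt + 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sec = opt + 0xE0
    struct.pack_into("<8sIIII", img, sec, b".text", text_size, text_rva, text_size, text_raw)
    struct.pack_into("<I", img, sec + 36, 0x60000020)            # CODE | EXECUTE | READ
    off = text_raw + (entry_rva - text_rva)
    img[off:off + len(ENTRY_BYTES_FROM_REPORT)] = ENTRY_BYTES_FROM_REPORT
    return bytes(img)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print("%-30s %s" % (key, value))
```

Point parse_pe() at the bytes of a real sample (open(path, "rb").read()) to reproduce the same fields; the timestamp and prologue checks are toolchain hints only and should be combined with the packer identification (Inno Setup) rather than used on their own.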

The file driver_genuis_17_de_r.exe has been seen distributed from the following 2 URLs.

https://downloads.upclick.com/download.aspx?id=d6442cda-1cee-4635-b080-a19602e4653a&mkey1=AQ_DE_EM_DG17_FREE_T2_0117_UPG0&mkey2=AQ_DE_DG_UPG_FREE2&mkey5=nc&uid=1013455&wid=5808

https://shop.avanquest.com/.../download_link.php?type=master&id=6cf86e4edfc2a2229124ee5c61386cad17953892

Remove driver_genuis_17_de_r.exe - Powered by Reason Core Security