driverassist-setup.exe

DriverAssist-Setup.exe

SafeBytes Software Inc.

The application driverassist-setup.exe by SafeBytes Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
SafeBytes Software Inc.  (signed and verified)

Product:
DriverAssist-Setup.exe

Version:
1.0.0.0

MD5:
b308d44c9ad6430e01f5881bba34df8c

SHA-1:
095d75a9106e699392daafa330115e0531328682

SHA-256:
1b3d8bb060eb9fd4046ff9e49958c00a091d27d1ac52f1b25ee3d788e916d298

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:45:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win64.Generic

Engine version:
17.2.23.9

File size:
2.7 MB (2,847,472 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © SafeBytes 2017

Original file name:
GenericSkinnedInstaller.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\driverassist\install\driverassist-setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
10/22/2015 2:00:00 AM

Valid to:
9/11/2017 1:59:59 AM

Subject:
CN=SafeBytes Software Inc., O=SafeBytes Software Inc., L=Mascouche, S=Quebec, C=CA, SERIALNUMBER=8678359, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
246A1D5D12699D0EB7FE724D899B4CFC

File PE Metadata
Compilation timestamp:
2/23/2017 11:02:06 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2B0AC2

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3102

Code size:
2.7 MB (2,812,928 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-33-30-87.us-west-2.compute.amazonaws.com  (52.33.30.87:443)

TCP (HTTP SSL):
Connects to server-52-85-77-49.lax3.r.cloudfront.net  (52.85.77.49:443)

TCP (HTTP SSL):
Connects to server-54-230-5-8.dfw3.r.cloudfront.net  (54.230.5.8:443)

TCP (HTTP SSL):
Connects to server-54-230-5-155.dfw3.r.cloudfront.net  (54.230.5.155:443)

TCP (HTTP):
Connects to server-54-230-37-143.jfk1.r.cloudfront.net  (54.230.37.143:80)

TCP (HTTP SSL):
Connects to server-54-230-206-126.atl50.r.cloudfront.net  (54.230.206.126:443)

TCP (HTTP SSL):
Connects to server-54-230-191-87.maa3.r.cloudfront.net  (54.230.191.87:443)

TCP (HTTP):
Connects to server-54-230-190-142.maa3.r.cloudfront.net  (54.230.190.142:80)

TCP (HTTP):
Connects to server-54-192-7-48.dfw3.r.cloudfront.net  (54.192.7.48:80)

TCP (HTTP SSL):
Connects to server-54-192-36-86.jfk1.r.cloudfront.net  (54.192.36.86:443)

TCP (HTTP SSL):
Connects to server-54-192-130-161.ams50.r.cloudfront.net  (54.192.130.161:443)

TCP (HTTP):
Connects to server-54-192-119-76.sfo9.r.cloudfront.net  (54.192.119.76:80)

TCP (HTTP SSL):
Connects to server-52-85-83-202.lax1.r.cloudfront.net  (52.85.83.202:443)

TCP (HTTP):
Connects to server-52-85-202-251.dfw50.r.cloudfront.net  (52.85.202.251:80)

TCP (HTTP SSL):
Connects to server-52-84-33-49.ewr50.r.cloudfront.net  (52.84.33.49:443)

TCP (HTTP):
Connects to server-52-84-26-85.ewr50.r.cloudfront.net  (52.84.26.85:80)

TCP (HTTP):
Connects to server-52-84-13-65.ord54.r.cloudfront.net  (52.84.13.65:80)

TCP (HTTP):
Connects to server-52-84-133-105.atl52.r.cloudfront.net  (52.84.133.105:80)

Remove driverassist-setup.exe - Powered by Reason Core Security