driverassist-setup.exe

DriverAssist-Setup.exe

SafeBytes Software Inc.

The application driverassist-setup.exe by SafeBytes Software Inc. has been flagged as a potentially unwanted program (PUP) by 1 of 68 anti-malware engines, on a generic heuristic (Win64.Generic) rather than a named signature. A single generic detection on an EV code-signed installer is weak evidence on its own and should be weighed against the publisher, the installer's behaviour and the network activity recorded below. While running, it connects to the Internet address server-52-85-74-59.lhr3.r.cloudfront.net on port 443.
Publisher:
SafeBytes Software Inc.  (signed and verified)

Product:
DriverAssist-Setup.exe

Version:
1.1.0.0

MD5:
b435d250ab423df3cbe2cc56094faed0

SHA-1:
f58be02d3ec96fb0d20aba2ea0876f636028aa67

SHA-256:
a56bf5d607b057732f51a1075f50bff0dc3e267a1aaa4e5066d5d94ec68ecbd7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:33:11 AM UTC

Scan engine          Detection        Engine version
Reason Heuristics    Win64.Generic    17.3.6.17

File size:
2.7 MB (2,847,472 bytes)

Product version:
1.1.0.0

Copyright:
Copyright © SafeBytes 2017

Original file name:
GenericSkinnedInstaller.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\driverassist\install\driverassist-setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
10/21/2015 8:00:00 PM

Valid to:
9/10/2017 7:59:59 PM

Subject:
CN=SafeBytes Software Inc., O=SafeBytes Software Inc., L=Mascouche, S=Quebec, C=CA, SERIALNUMBER=8678359, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
246A1D5D12699D0EB7FE724D899B4CFC

Note: the signing certificate's validity window (10/21/2015 to 9/10/2017) covers the compilation timestamp (3/5/2017) but expired long before this 12/24/2024 analysis. An Authenticode signature keeps verifying after certificate expiry only if it carries a trusted timestamp countersignature made while the certificate was still valid; this report does not list one, so re-check with Get-AuthenticodeSignature (PowerShell) or signtool verify /pa /v before treating "signed and verified" as current. A valid signature also proves only that the file was not altered after SafeBytes signed it, not that the installer is benign.

File PE Metadata
Compilation timestamp:
3/5/2017 10:43:45 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2B0AAA

First bytes of file (this is the DOS/MZ header and stub, not the code at the entry address):
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3101

Code size:
2.7 MB (2,812,928 bytes)
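The PE header fields listed above (compilation timestamp, OS version, subsystem, linker version, CLR dependency, entry address) and the entropy figure all come from a handful of fixed offsets in the COFF and optional headers. The Python script below is an added example, not part of the Reason Core Security report and not SafeBytes code: it reads those fields from a constructed, minimal PE32+ header built to mirror the report's values, flags whether a CLR runtime header and an Authenticode security directory are present, computes Shannon entropy, and confirms that the report's hex dump begins with the MZ signature. The sample header, the assumption that the PE timestamp is UTC, and the placeholder directory offsets (0x2B4000, 0x2000) are all constructed for the example.

```python
import math
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_DIRECTORY_ENTRY_SECURITY = 4         # Authenticode signature blob
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # .NET CLR runtime header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def hex_dump_to_bytes(dump: str) -> bytes:
    """Convert the report's 'XX, XX, ...' dump (trailing '...' ignored) to bytes."""
    return bytes(int(tok, 16) for tok in dump.replace("...", "").split(",") if tok.strip())


def is_mz_header(data: bytes) -> bool:
    """True if a byte run starts with the DOS/MZ file signature rather than code."""
    return data[:2] == b"MZ"


def parse_pe(data: bytes) -> dict:
    """Pull the fields shown in the report out of the COFF and optional headers."""
    if not is_mz_header(data):
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER
    machine, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20       # IMAGE_OPTIONAL_HEADER
    pe32plus = struct.unpack_from("<H", data, oh)[0] == IMAGE_NT_OPTIONAL_HDR64_MAGIC
    linker_major, linker_minor = struct.unpack_from("<BB", data, oh + 2)
    entry_rva = struct.unpack_from("<I", data, oh + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, oh + 40)
    subsystem = struct.unpack_from("<H", data, oh + 68)[0]
    # The data directory table follows the Windows-specific fields; PE32+ has
    # 8-byte stack/heap sizes, so it starts 16 bytes later than in PE32.
    nrva_off, dd_off = (108, 112) if pe32plus else (92, 96)
    nrva = struct.unpack_from("<I", data, oh + nrva_off)[0]

    def directory(idx):
        if idx >= nrva:
            return 0, 0
        return struct.unpack_from("<II", data, oh + dd_off + 8 * idx)

    _, sec_size = directory(IMAGE_DIRECTORY_ENTRY_SECURITY)
    _, clr_size = directory(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {
        "bitness": "Win64" if pe32plus else "Win32",
        "machine": machine,
        # Assumption: the PE timestamp is rendered in UTC, like the report's dates.
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": "Windows GUI" if subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI else str(subsystem),
        "entry_address": f"0x{entry_rva:X}",
        "clr_dependent": clr_size > 0,
        "has_authenticode_blob": sec_size > 0,
        "entropy": round(shannon_entropy(data), 4),
    }


def build_sample_pe64(timestamp: int, entry_rva: int, clr: bool, signed: bool) -> bytes:
    """Constructed minimal PE32+ header (no sections) mirroring the report's values.
    It is not the real installer; it exists only so the parser can run offline."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew -> PE header right after
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, timestamp, 0, 0, 240, 0x0022)
    opt = bytearray(240)                             # PE32+ optional header, 16 directories
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    struct.pack_into("<BB", opt, 2, 8, 0)            # linker 8.0, as in the report
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<HH", opt, 40, 4, 0)           # OS version 4.0
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    if signed:   # placeholder offset/size for a WIN_CERTIFICATE blob (constructed)
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2B4000, 0x1F00)
    if clr:      # placeholder RVA for the 72-byte CLR header (constructed)
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2000, 72)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


# Constructed sample using the report's values (timestamp assumed UTC).
SAMPLE_TS = int(datetime(2017, 3, 5, 22, 43, 45, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample_pe64(SAMPLE_TS, 0x2B0AAA, clr=True, signed=True)

# First 16 bytes of the report's hex dump.
REPORT_DUMP = "4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00"

if __name__ == "__main__":
    for key, value in parse_pe(SAMPLE).items():
        print(f"{key:>22}: {value}")
    print("report dump is an MZ header:", is_mz_header(hex_dump_to_bytes(REPORT_DUMP)))
```

To run it against a real file, replace SAMPLE with open(path, "rb").read(); the entropy of a whole installer (the report's 6.3101) is dominated by its packed payload, so per-section entropy is more telling than the file-wide figure. A populated security directory only says a signature blob is attached; whether it verifies, and whether it is timestamped, still has to be checked with the platform's Authenticode tooling.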

The executing file has been observed making the following network connections in live environments. Every destination is Amazon infrastructure: one EC2 host in us-west-2 and CloudFront CDN edge nodes at several points of presence (lhr3, lhr50, jfk1, sea32, lax3, ind6, ord51). CloudFront edge addresses are shared by many unrelated tenants and vary with the client's location, so they are poor blocklist indicators on their own; the EC2 host is the more specific indicator, and the requested hostname (HTTP Host header or TLS SNI), which this report does not record, is what a detection rule should key on.

Protocol          Host                                               Address
TCP (HTTP SSL)    ec2-52-33-30-87.us-west-2.compute.amazonaws.com    52.33.30.87:443
TCP (HTTP)        server-54-230-37-137.jfk1.r.cloudfront.net         54.230.37.137:80
TCP (HTTP)        server-54-192-9-35.lhr3.r.cloudfront.net           54.192.9.35:80
TCP (HTTP)        server-54-192-9-206.lhr3.r.cloudfront.net          54.192.9.206:80
TCP (HTTP)        server-54-192-9-185.lhr3.r.cloudfront.net          54.192.9.185:80
TCP (HTTP SSL)    server-52-85-74-173.lhr3.r.cloudfront.net          52.85.74.173:443
TCP (HTTP SSL)    server-52-84-25-32.sea32.r.cloudfront.net          52.84.25.32:443
TCP (HTTP)        server-52-84-24-174.sea32.r.cloudfront.net         52.84.24.174:80
TCP (HTTP)        server-54-230-87-165.lax3.r.cloudfront.net         54.230.87.165:80
TCP (HTTP)        server-54-230-197-146.lhr50.r.cloudfront.net       54.230.197.146:80
TCP (HTTP)        server-54-230-197-133.lhr50.r.cloudfront.net       54.230.197.133:80
TCP (HTTP)        server-54-192-9-64.lhr3.r.cloudfront.net           54.192.9.64:80
TCP (HTTP SSL)    server-52-85-77-131.lax3.r.cloudfront.net          52.85.77.131:443
TCP (HTTP SSL)    server-52-85-74-59.lhr3.r.cloudfront.net           52.85.74.59:443
TCP (HTTP SSL)    server-52-85-74-148.lhr3.r.cloudfront.net          52.85.74.148:443
TCP (HTTP)        server-52-85-113-156.ind6.r.cloudfront.net         52.85.113.156:80
TCP (HTTP)        server-52-85-113-142.ind6.r.cloudfront.net         52.85.113.142:80
TCP (HTTP SSL)    server-52-85-112-105.ind6.r.cloudfront.net         52.85.112.105:443
TCP (HTTP)        server-52-84-64-84.ord51.r.cloudfront.net          52.84.64.84:80
TCP (HTTP)        server-52-84-64-21.ord51.r.cloudfront.net          52.84.64.21:80

Powered by Reason Core Security