home

driverdetective.exe

Driver Detective

PC Drivers HeadQuarters

The executable driverdetective.exe, “This installer database contains the logic and data required to install Driver Detective.” has been detected as malware by 8 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from downloads.drivershq.com.
Publisher:
PC Drivers HeadQuarters

Product:
Driver Detective

Description:
This installer database contains the logic and data required to install Driver Detective.

Version:
8.1

MD5:
e8016f8377aa60a7b6b9f4cceace51e9

SHA-1:
9d51371b65ff5f9680731fd679e15fbae4e5b305

SHA-256:
40923c762627dbe569d39a14a00d5c5dc9309bcc06de0605c800a89b8257ec9b

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 10:34:18 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160503-1

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
16.05.24

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.221.508.0

Norman
Win32.Sality.3
19.05.2016 05:17:13

File size:
2 MB (2,071,776 bytes)

Product version:
8.1

Copyright:
Copyright (C) 2009 PC Drivers HeadQuarters

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\driverdetective.exe

File PE Metadata
Compilation timestamp:
4/25/2012 2:16:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:7NjKEhegFjROMRGMRvHTWIFahw65CYTxaaToY:MEhljROMRvRlV65CYwaToY

Entry address:
0x9895B

Entry point:
60, EB, 02, 2A, FA, 68, 3C, F7, 51, 00, 77, 03, 0F, AF, C2, 0C, E2, 89, CF, 50, F2, F7, C2, 7E, A9, B4, 74, 21, E9, 23, CF, 80, C1, 07, FF, CF, F3, E8, 15, 00, 00, 00, 80, DD, 30, 84, CF, 0F, AF, CF, 3A, D3, EB, 02, B2, 80, 35, FB, 1A, 00, 00, 30, D3, 58, 85, F1, F3, 81, FB, 6D, 1C, 00, 00, 73, 09, 80, D5, 0F, 81, FE, F5, 27, 8E, 1D, 05, A0, 3B, 0D, 00, 0F, AF, F1, 89, D3, 2D, 68, 0C, 00, 00, F6, C0, 56, 4D, 81, FB, 58, 01, 00, 00, 74, 07, 45, 69, D7, E8, 70, C2, 85, B7, CE, C6, C2, 4A, 8A, FA, 85, C8, 70...
 
[+]

Entropy:
7.2071

Code size:
907.5 KB (929,280 bytes)

The file driverdetective.exe has been seen being distributed by the following URL.

http://downloads.drivershq.com/DD/.../DriverDetective.exe

Remove driverdetective.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.