driverdoc_2014.exe

DriverDoc

Solvusoft Corporation

The application driverdoc_2014.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from download.solvusoft.com.
Publisher:
Solvusoft Corporation

Product:
DriverDoc

Version:
DriverDoc

MD5:
d4efaf082eaf9db961e119957b7877c5

SHA-1:
956fd1d72ac9c6be9d84e68e04e0c199a5bd95c6

SHA-256:
515277d610d995517a9cf046fd979e055f5ada74b1c30ee52a146158f59fc102

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:34:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WinThruster (L)
16.7.16.23

File size:
3.3 MB (3,511,160 bytes)

Product version:
1.52.1086.14425

Copyright:
© Solvusoft Corporation

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\driverdoc_2014.exe

File PE Metadata
Compilation timestamp:
7/9/2012 2:41:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:BhMXbXbA+Zc3fEHebQMj0xuWq9heQXSdRZgu2AI1DW6439rNCJg1JcFNRrqIiJZJ:zMXrc+ZDmJjqEz6271IkVFNRrqIZfo

Entry address:
0x16478

Entry point:
B3, 62, 86, D2, 85, CB, 78, 09, B2, 0B, 84, E0, 0D, 4B, 29, 44, 4B, 0F, AF, F0, 0F, B7, E9, B3, B9, F2, 0F, BF, E9, 2D, 60, D1, 00, 00, 89, CA, 84, D2, 2D, 4E, 0C, 00, 00, 87, FA, 85, C3, 3C, D3, 8B, DA, FE, CE, 21, DE, 84, EB, FF, C7, FF, C2, E8, 32, 00, 00, 00, 85, D2, 0F, B7, C0, 81, C6, 2C, 01, F8, 17, 01, CA, F6, C4, 17, FF, CA, 40, B9, AD, EE, 00, 00, 85, C9, 69, D9, 36, 62, 64, AA, 81, F1, F2, 0B, 00, 00, 81, DB, 98, BA, CA, 6D, 81, F1, 05, 0E, 00, 00, 69, D1, 56, 57, 3B, CA, FE, C0, F2, 86, F0, 0F...
 
[+]

Entropy:
7.9856  (probably packed)

Code size:
84 KB (86,016 bytes)

The file driverdoc_2014.exe has been seen being distributed by the following URL.

Remove driverdoc_2014.exe - Powered by Reason Core Security