driverfinder_setup.exe

DeskToolsSoft B.V

The application driverfinder_setup.exe by DeskToolsSoft B.V has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
DeskToolsSoft B.V  (signed and verified)

MD5:
48ade298218559c919f41c343575253b

SHA-1:
331838802c0b88221afcbb008535eefb997af768

SHA-256:
2fab970985cb51501451224f5e2953bcccfc56fc8a13db6e8a7da272be27ec78

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:29:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DeskToolsSoft (L)

Engine version:
16.6.13.18

File size:
248.9 KB (254,912 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\driverfinder_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/8/2012 3:00:00 AM

Valid to:
2/8/2014 2:59:59 AM

Subject:
CN=DeskToolsSoft B.V, O=DeskToolsSoft B.V, STREET=Jupiterstraat 4, L=Assen, S=Drenthe, PostalCode=9405PP, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1AF9E0F588744CDEC54F29861DEA1F32

File PE Metadata
Compilation timestamp:
2/24/2012 10:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:AEUXQmssSM6Bcr2b2jDazH4UeaNKZiex+HYfSanHmHj:AE3m8PcK4GzreK+itYRnej

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Entropy:
7.7641

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

Scheduled Task
Task name:
{1A701DCC-883A-42D3-AC2E-E2877ED08AF9}

Trigger:
Registration (Runs on registration)


The file driverfinder_setup.exe has been seen being distributed by the following 43 URLs.


Remove driverfinder_setup.exe - Powered by Reason Core Security