driverfinder_setup.exe

DeskToolsSoft B.V

The application driverfinder_setup.exe by DeskToolsSoft B.V has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from 188.138.9.44 and multiple other hosts. While running, it connects to the Internet address server-54-230-216-34.mrs50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
DeskToolsSoft B.V  (signed and verified)

MD5:
0a5cfba3deaf1d52671ab06c42a48a1b

SHA-1:
c0d7d0a38b9f36496006b4e00d965198acc72735

SHA-256:
d08a4a6839d7130d8c75b1807cb1a3be9e6c963598f0208d65c8da155d711316

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 7:56:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DeskToolsSoft (L)

Engine version:
16.6.13.18

File size:
308.7 KB (316,088 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\driverfinder_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 3:00:00 AM

Valid to:
3/12/2017 2:59:59 AM

Subject:
CN=DeskToolsSoft B.V, O=DeskToolsSoft B.V, STREET=Beilerstraat 24, L=Assen, S=Drenthe, PostalCode=9401 PL, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
23E91622F4F9BB2180A25DD47067B009

File PE Metadata
Compilation timestamp:
2/24/2012 10:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:7EUXEmVp49TT4w5fKxc3dNkyZEzT7XyMVudqkjAs:7EzmVp49T0w5SGsyZEX/Ikm5

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Entropy:
7.8278

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file driverfinder_setup.exe has been seen being distributed by the following 13 URLs.

http://188.138.9.44/.../DriverFinder_Setup.exe

http://www.devicedriverfix.com/download.php

http://www.driverfinderpro.com/setup.php?id=trk

http://www.driverdownloadhelp.com/download.php

http://www.mousedriverupdated.com/download.php

http://85.25.103.166/.../DriverFinder_Setup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-216-34.mrs50.r.cloudfront.net  (54.230.216.34:80)

TCP (HTTP):
Connects to server-54-230-216-172.mrs50.r.cloudfront.net  (54.230.216.172:80)

TCP (HTTP):
Connects to server-54-192-129-196.ams50.r.cloudfront.net  (54.192.129.196:80)

Remove driverfinder_setup.exe - Powered by Reason Core Security