driverfindersetup.exe

DeskToolsSoft B.V.

The application driverfindersetup.exe by DeskToolsSoft B.V. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from cdn.driverfinderpro.com and multiple other hosts. While running, it connects to the Internet address server-54-230-95-202.fra2.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
DeskToolsSoft B.V.  (signed and verified)

MD5:
8d1fc28a732b5ed07e5659a31f2bce3b

SHA-1:
1abbb55d1b3345badc7164609f6ef49c9c4f493c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:05:21 AM UTC

Scan engine          Detection                               Engine version
Reason Heuristics    PUP.DeskToolsSoft.Installer.Meta (L)    16.6.13.17

File size:
307.4 KB (314,792 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\documents and settings\aziz\mes documents\egdownloads\driverfindersetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/8/2016 1:00:00 AM

Valid to:
3/12/2017 12:59:59 AM

Subject:
CN=DeskToolsSoft B.V., O=DeskToolsSoft B.V., STREET=Beilerstraat 24, L=Assen, S=Drenthe, PostalCode=9401 PL, C=NL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C1E7336D4840CCCE893FF3B383FCA499

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:9EUXEm8vXo4ClTvNgYyltHGIY6xVtPLi5vc+RpP/hL6644:9Ezmb5gYatmIYYP250GpPZLV44

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file driverfindersetup.exe has been seen being distributed by the following 8 URLs.

http://cdn.driverfinderpro.com/DriverFinderSetup.exe

http://driver-finder.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOXcWk/i WOGeImNQ/.../4MF5Rqcm0BKYZs4xJM2PZV QTRaffsTkn8gU45KwznrMy1pmUhvpS82ZnWCI=

https://www.aweber.com/.../addlead.pl

http://www.driverupdatersexposed.com/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-95-202.fra2.r.cloudfront.net  (54.230.95.202:80)

TCP (HTTP):
Connects to server-54-192-129-132.ams50.r.cloudfront.net  (54.192.129.132:80)

TCP (HTTP):
Connects to server-52-85-221-59.cdg50.r.cloudfront.net  (52.85.221.59:80)

Remove driverfindersetup.exe - Powered by Reason Core Security