driverfindersetup.exe

DeskToolsSoft B.V.

The application driverfindersetup.exe by DeskToolsSoft B.V. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.desktoolssoft.com and multiple other hosts. While running, it connects to the Internet address server-52-84-33-169.ewr50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
DeskToolsSoft B.V.  (signed and verified)

MD5:
4c8ca9b6c7a3131175b5252f2d41438f

SHA-1:
6f4bdf784267e4f0f5ddacadd8fa15346b6d4315

SHA-256:
93e0c3b1b10bfb593967e94b59401660da28ddfe0d78f4a0bfd13b15d7bedd6c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 3:16:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DeskToolsSoft (L)

Engine version:
16.10.22.11

File size:
307.6 KB (314,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\driverfindersetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/7/2016 4:00:00 PM

Valid to:
3/11/2017 3:59:59 PM

Subject:
CN=DeskToolsSoft B.V., O=DeskToolsSoft B.V., STREET=Beilerstraat 24, L=Assen, S=Drenthe, PostalCode=9401 PL, C=NL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C1E7336D4840CCCE893FF3B383FCA499

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:SEUXEmE5d2UjoZocRhzqzQDTPybldR7dVdbunkOLMvoz2nCN96C:SEzmGrjoznYY2lDZunkOMvoSCN96C

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...

Entropy:
7.8276

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file driverfindersetup.exe has been seen being distributed by the following 2 URLs.

http://www.desktoolssoft.com/.../index.php?_m=downloads&_a=downloadfile&downloaditemid=1

https://driverfinderpro.com/setup2.php

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server-52-84-33-169.ewr50.r.cloudfront.net  (52.84.33.169:80)

Remove driverfindersetup.exe - Powered by Reason Core Security