driverguide_toolkit_2_135.exe

DriverGuide Toolkit

iCentric Corporation

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application driverguide_toolkit_2_135.exe, “Inventory, backup, restore and locate system drivers.” by iCentric has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from members.driverguide.com and multiple other hosts.
Publisher:
iCentric Corp.  (signed by iCentric Corporation)

Product:
DriverGuide Toolkit

Description:
Inventory, backup, restore and locate system drivers.

Version:
2.1.35

MD5:
2a4cbc8b3a93476f1d7b340244fbeb6f

SHA-1:
133a61e415c148ae981ae5d5d1b10102cbad98f0

SHA-256:
f86e6d1b4675d08ef891bbdd706f4bdef00df61801c3217eb15d0f4033c12bc1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/5/2024 12:56:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.iCentricCorporation (M)
15.8.17.16

File size:
4.9 MB (5,108,400 bytes)

Copyright:
© iCentric Corp. 2003 - 2008

Trademarks:
DriverGuide Toolkit is a trademark of iCentric Corp.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\driverguide_toolkit_2_135.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/10/2006 9:00:00 PM

Valid to:
2/23/2010 8:59:59 PM

Subject:
CN=iCentric Corporation, OU=DriverGuide, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iCentric Corporation, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5536BA451B1A5BF228D18CF3A3933F90

File PE Metadata
Compilation timestamp:
9/29/2007 9:50:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:J2xQtjOWPERkFRYXDA5aKOZJ61Pm87BlnxYqoeut0fF/YxFfFXG329GdFwCOC:WTW8Rk40joEMeBlxit8F+W32Id+Y

Entry address:
0x30D7

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, C8, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 28, 7A, 00, E8, D4, 2A, 00, 00, A3, 64, 27, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 18, DD, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, 60, 1F, 7A, 00, E8, 8B, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 79, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file driverguide_toolkit_2_135.exe has been seen being distributed by the following 3 URLs.

http://members.driverguide.com/.../dispatch_cache_get.php?msl=2a4cbc8b3a93476f1d7b340244fbeb6f,1344359_1226823233&time=1469194887&auth=6a579bd06d82debde247228b41dd7443&file=dgt2.exe

http://gsf-cf.softonic.com/133/a61/.../file?SD_used=0&channel=WEB&fdh=no&id_file=23508&instance=softonic_es&type=PROGRAM&Expires=1478340615&Signature=AfRL~sb2hvzOd67yPPk2pKNijXHR~fOvB9t4ymRGYLh6o1Kczu28qW5lDcSv2Hbz1TKQ9mSi35Uz1kZIysNDuFRBOh1Zu6hvTspQL8XmCw3wpsXj0CQJSFJvLRVHwfWXjAiVJH-5H8jJMU6~nGxqwPg0Mx-V81-7fueUC-6zAU0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=driverguide_toolkit_2_135.exe

http://gsf-cf.softonic.com/133/a61/.../file?SD_used=0&channel=WEB&fdh=no&id_file=23508&instance=softonic_es&type=PROGRAM&Expires=1475902044&Signature=AWQVAk1TfIKDBUmkA8VYOfXmEfprK2HqqUnnNMPOiQExU1iI3WCTs5q-kbdNd3NKZjqk8KUc0g321t9OjyzxZkV5gS-FlYU4NA4Bt4Gz3ZHJpCT2Ot1dXUEvJWQARIB2wj6XTwZ9GGDHShQiu-QMywDS9K8dUfwhSXBV8LkZZbI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=driverguide_toolkit_2_135.exe

Remove driverguide_toolkit_2_135.exe - Powered by Reason Core Security