DriverMaintenance.EXE

DriverMaintenance

AB eCommerce Inc

The application DriverMaintenance.EXE by AB eCommerce Inc has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named DriverMaintenance under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
AB eCommerce Inc  (signed and verified)

Product:
DriverMaintenance

Version:
1, 0, 0, 0

MD5:
20a30a268f2c03d53f872db1d70a48cb

SHA-1:
4fc5a53b405520a7d392ceeddfdff78400b7611f

SHA-256:
2c6422dc9928ee29683d03a2c377e082ca87df5c0ebee1f5688007f275a90078

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:18:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PCActivator.Optional (L)

Engine version:
16.9.24.17

File size:
9.2 MB (9,620,792 bytes)

Product version:
1, 0, 0, 0

Copyright:
DriverMaintenance is a top-rated PC driver tool that scans your PC for missing, corrupt, and outdated drivers, and then recommends the latest updates

Original file name:
DriverMaintenance.EXE

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\drivermaintenance\drivermaintenance.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/12/2016 8:00:00 PM

Valid to:
7/13/2017 7:59:59 PM

Subject:
CN=AB eCommerce Inc, OU=AB eCommerce Inc, O=AB eCommerce Inc, STREET=3223-B chemin d'oka, L=Ste-Marthe-Sur-Le-Lac, S=Quebec, PostalCode=j0n1p0, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A7A36B2735DFB344A36B133936AE5A90

File PE Metadata
Compilation timestamp:
9/9/2016 5:41:58 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:p/2GFk+hzP3KokXSy8+HUfftTH199I166o93qqUhQ9Rj/Cdwkrtn+zu8awrD65Fi:E4dwqM1+hfKwYvGLC18gNd9QXt

Entry address:
0x3D54C4

Entry point:
48, 83, EC, 28, E8, 07, 07, 00, 00, 48, 83, C4, 28, E9, F6, FC, FF, FF, FF, 25, 74, 27, 04, 00, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, EA, 08, 00, 00, BA, 18, 00, 00, 00, E8, E6, 02, 00, 00, 40, F6, C6, 01, 74, 09, 48, 8D, 4B, F8, E8, AB, E5, FF, FF, 48, 8D, 43, F8, EB, 16, E8, C6, 08, 00, 00, 40, F6, C6, 01, 74, 08, 48, 8B, CB, E8, 92, E5, FF, FF, 48, 8B, C3, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F...
 

Entropy:
6.0366

Code size:
4.1 MB (4,283,904 bytes)

Scheduled Task
Task name:
DriverMaintenance

Trigger:
Logon (Runs on logon)

