» drivermax.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

drivermax.exe

DriverMax

Innovative Solutions Grup SRL

It runs as a scheduled task under the Windows Task Scheduler named DriverMaxWelcome triggered daily at a specified time.

File name:

drivermax.exe

Publisher:

Innovative Solutions (signed by Innovative Solutions Grup SRL)

Product:

DriverMax

Version:

7.68.0.1194

MD5:

ebc4517e3c1c7feedda78dfe66535f09

SHA-1:

45eddbea655c11d5c8a685003bddb7ce0087c6ba

SHA-256:

26b74cc477f767fd5658a53aa925a2252159720ee67543df01ae16caabba34c9

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/5/2024 7:06:32 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Dldr.Swizzor.Gen

7.11.30.172

AVG

Generic

2016.0.2989

Clam AntiVirus

Win.Trojan.PCRat-1

0.98/20712

File size:

8.6 MB (8,982,544 bytes)

Product version:

7.68

Innovative Solutions

Trademarks:

Innovative Solutions

Original file name:

drivermax.exe

File type:

Executable application (Win32 EXE)

Language:

Romeno (Romênia)

Common path:

C:\Program Files\innovative solutions\drivermax\drivermax.exe

Digital Signature

Signed by:

Innovative Solutions Grup SRL

Authority:

Symantec Corporation

Valid from:

3/18/2015 9:00:00 PM

Valid to:

5/17/2016 8:59:59 PM

Subject:

CN=Innovative Solutions Grup SRL, O=Innovative Solutions Grup SRL, L=Bucharest, S=Bucharest, C=RO

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

6CCC9ABD5046DE5246F5CD620FC3DEBB

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:IAnA7pec5RORu7whKMmW8De1ZLCoFStFVkk8WA0w0KdDE00wk4bUKUvfbU/Gs:XAQ0ROu7WWWdLCmKsAfvy0wky9UvfM

Entry address:

0x25D668

Entry point:

55, 8B, EC, B9, 5E, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 70, CB, 65, 00, E8, 1B, 9E, DA, FF, 33, C0, 55, 68, C5, E9, 65, 00, 64, FF, 30, 64, 89, 20, E8, 1C, 1C, EE, FF, E8, 17, AC, FE, FF, 84, C0, 74, 4D, 6A, 01, 8D, 45, EC, E8, 7D, CB, FF, FF, 8B, 45, EC, E8, 3D, 7A, DA, FF, 50, 68, D8, E9, 65, 00, 68, DC, E9, 65, 00, A1, 44, 72, 66, 00, FF, 30, 68, F4, E9, 65, 00, A1, 78, 6F, 66, 00, FF, 30, 8D, 45, E8, BA, 03, 00, 00, 00, E8, DA, 78, DA, FF, 8B, 45, E8, E8, 0A, 7A, DA, FF, 50, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.4 MB (2,481,664 bytes)

Scheduled Task

Task name:

DriverMaxWelcome

Trigger:

Daily (Runs daily at 16:46)

Description:

DriverMaxWelcome

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to innovative-sol.com (66.36.231.30:80)

Scan drivermax.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.