home

driverrestore.exe

Driver Restore

Secure Installer Inc

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file driverrestore.exe by Secure Installer Inc has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. The file has been seen being downloaded from downloads.upclick.com and multiple other hosts.
Publisher:
383 Media, Inc.  (signed by Secure Installer Inc)

Product:
Driver Restore

Version:
2.5.0.0

MD5:
44a6f721c8ea50dbf1e510541c6c5274

SHA-1:
c8fd56aa62981a378256eb696618f27df4461a31

SHA-256:
c755b3f3396a29083c962b80b7cb2530d99068bc8329ac3b1a2f0f9d7e307e3b

Scanner detections:
2 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 4:27:40 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Program.Unwanted.855
9.0.1.0336

Reason Heuristics
PUP.Air Software.SecureInstaller.Installer (M)
15.12.2.10

File size:
6.5 MB (6,787,904 bytes)

Product version:
2.5.0.0

Copyright:
Copyright (c) 2013 383 Media, Inc.

Trademarks:
Copyright (c) 2013 383 Media, Inc.

Original file name:
DriverRestoreSetup.exe

Bundler/Installer:
AirInstaller Download Manager (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\driverrestore.exe.0mus4n1.partial

Digital Signature
Signed by:
Secure Installer Inc

Authority:
Symantec Corporation

Valid from:
10/27/2015 5:00:00 PM

Valid to:
11/18/2018 3:59:59 PM

Subject:
CN=Secure Installer Inc, O=Secure Installer Inc, L=Pleasanton, S=California, C=US, SERIALNUMBER=C3712890, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
22AA79DFC593B122228F38161FC4414F

File PE Metadata
Compilation timestamp:
12/24/2013 9:01:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:ZLgcsNnT7I0FXY43A9m3EIU8Rqz3ycXjzuCmIXyuQ7/Qs7F1mhEgaRZIadP8j0YE:psNn/HFO9VmRqzFjy/T7n9hIaCE

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 
[+]

Entropy:
7.9996

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file driverrestore.exe has been seen being distributed by the following 9 URLs.

https://downloads.upclick.com/download.aspx?id=fb9f3e4b-66b5-47d6-aa8e-aa405ffdcb6c&mkey1=92021395&mkey2=true&uid=1015006&wid=6411

https://downloads.upclick.com/download.aspx?id=b8173d83-c2ff-46f8-a34a-5a690ca5f19f&mkey1=92124875&uid=1015006&wid=6411

https://downloads.upclick.com/download.aspx?id=e982c9e4-f956-4991-a586-cc78a908137c&mkey1=90621354&uid=1015006&wid=6411

https://downloads.upclick.com/download.aspx?id=ee07815b-d257-4e57-bf90-d4b09da965d8&mkey1=90363625&mkey2=true&uid=1015006&wid=6411

https://downloads.upclick.com/download.aspx?id=8dccbafe-8282-4905-8025-e0913792b170&mkey1=90513775&uid=1015006&wid=6411

https://downloads.upclick.com/download.aspx?id=0de17722-8f47-4696-9253-2de2dfd61e27&mkey1=90083995&uid=1015006&wid=6411

http://download.driverrestore.com/dr2/drinternal2/dr2.5.3/.../DriverRestore.exe

http://download.driverrestore.com/dr2/fionred/dr2.5.6/.../DriverRestore.exe

http://download.driverrestore.com/dr2/drinternal2/dr2.5.6/.../DriverRestore.exe

Remove driverrestore.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.