driverrevolution-setup.exe

Microsoft Windows Operating System

IT AUDIT AND COMPLIANCE SERVICES LLC

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the version metadata is crafted to make it look like a legitimate Microsoft system file. The executable driverrevolution-setup.exe, described as "Executable file for the Hearts game", has been detected as malware by 1 anti-virus scanner. It is a self-extracting archive and installer and is known to bundle potentially unwanted software.
Publisher:
Microsoft Corporation (signed by IT AUDIT AND COMPLIANCE SERVICES LLC)

Product:
Microsoft® Windows® Operating System

Description:
Executable file for the Hearts game

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
cbe71ce47e0f8e504b07c8ae74569ab2

SHA-1:
66fd53a29572904dac600e59e65c19b469a37b9d

SHA-256:
c140b7ea9b3151ca6357aff1de2e43785f5497b53cd015d1b2e08d8e6431d92e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/18/2024 3:44:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.9.16

File size:
2 MB (2,050,600 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
hearts.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\driverrevolution-setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/10/2015 3:00:00 AM

Valid to:
11/10/2016 2:59:59 AM

Subject:
CN=IT AUDIT AND COMPLIANCE SERVICES LLC, OU=IT, O=IT AUDIT AND COMPLIANCE SERVICES LLC, STREET="vul. Vilyamsa Akademika, 6 D", L=Kiev, S=Kiev, PostalCode=03189, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB3CCAF99CC223A1AD34177B638A3BC8

File PE Metadata
Compilation timestamp:
9/3/2011 10:58:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

Entry address:
0x45125

Entry point:
E8, 7C, 15, 00, 00, E9, 16, FE, FF, FF, E8, A3, 04, 00, 00, FF, 74, 24, 04, E8, FA, 02, 00, 00, FF, 35, 64, 34, 5D, 00, E8, EA, 0D, 00, 00, 68, FF, 00, 00, 00, FF, D0, 83, C4, 0C, C3, 68, 40, C6, 44, 00, FF, 15, CC, C0, 44, 00, 85, C0, 74, 16, 68, 30, C6, 44, 00, 50, FF, 15, E4, C0, 44, 00, 85, C0, 74, 06, FF, 74, 24, 04, FF, D0, C3, FF, 74, 24, 04, E8, D1, FF, FF, FF, 59, FF, 74, 24, 04, FF, 15, 20, C5, 44, 00, CC, 6A, 08, E8, 1B, 17, 00, 00, 59, C3, 6A, 08, E8, 3A, 16, 00, 00, 59, C3, 56, 8B, F0, EB, 0B...

Code size:
296.5 KB (303,616 bytes)
