home

Drivers.exe

Build Input

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application Drivers.exe, “Fusion Install ” by Build Input has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from yourinstaller.com.
Publisher:
Fusion Install   (signed by Build Input)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
6af473fb3f59c49f75c64e1c299f601c

SHA-1:
d1c3ccedff42258df1910b0b86c81028022ccf38

SHA-256:
cb55325a6e9ac3b95924f7564c614f95436d14b892137ab6c56f39ec88173246

Scanner detections:
40 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/28/2024 6:43:50 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Agent.B
905

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.IBryte
14.08.14

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.147.26

avast!
Adware-gen [Adw]
2014.9-140814

AVG
Adware AdPlugin
2015.0.3383

Baidu Antivirus
Trojan.Win32.Clikug
4.0.3.14815

Bitdefender
Application.Bundler.Agent.B
1.0.20.1130

Clam AntiVirus
Win.Adware.Ibryte-592
0.98/19086

Comodo Security
Application.Win32.iBryte.WRP
18251

Dr.Web
Adware.iBryte.473
9.0.1.0226

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.145314
8.14.08.14.04

ESET NOD32
Win32/AdWare.iBryte.AR application
8.7.0.302.0

Fortinet FortiGate
W32/Zbot.AAN!tr
8/14/2014

F-Prot
W32/A-c255719d
v6.4.7.1.166

F-Secure
Application.Bundler.Agent
11.2014-14-08_5

G Data
Win32.Adware.Ibryte
14.8.24

herdProtect (fuzzy)
variant of Player-Chrome.exe (Adware)
2014.10.28.13

IKARUS anti.virus
AdWare.iBryte
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12013

Kaspersky
not-a-virus:AdWare.Win32.iBryte
14.0.0.3409

Malwarebytes
PUP.Optional.OptimumInstaller.A
v2014.08.14.04

McAfee
GenericATG-FGI!02EC0BDF7C3C
5600.7039

Microsoft Security Essentials
TrojanClicker:Win32/Clikug.A
1.10401

MicroWorld eScan
Application.Bundler.Agent.B
15.0.0.678

NANO AntiVirus
Trojan.Win32.Agent.cxjjsz
0.28.0.59608

Norman
IBryte.PDB
11.20140825

nProtect
Adware.IBryte.Y
14.08.13.01

Panda Antivirus
Trj/Genetic.gen
14.08.14.04

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
10.14.12.00

Reason Heuristics
PUP.Installer.BuildInput.H
14.8.25.1

Rising Antivirus
PE:Malware.iBryte!6.192B
23.00.65.14812

Sophos
iBryte Optimum Installer
4.98

SUPERAntiSpyware
PUP.OptimumInstaller/Variant
10423

Trend Micro House Call
TROJ_CLIKUG.A
7.2.227

Trend Micro
TROJ_CLIKUG.A
10.465.15

Vba32 AntiVirus
AdWare.iBryte
3.12.26.0

VIPRE Antivirus
Threat.4778314
32186

Zillya! Antivirus
Adware.iBryte.Win32.854
2.0.0.1790

File size:
132.4 KB (135,544 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2014 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\drivers.exe

Digital Signature
Signed by:
Build Input

Authority:
COMODO CA Limited

Valid from:
3/23/2014 5:00:00 PM

Valid to:
3/24/2015 4:59:59 PM

Subject:
CN=Build Input, O=Build Input, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0093C151407610A7B56F799C03CB8D955D

File PE Metadata
Compilation timestamp:
5/11/2014 1:04:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:T+0YBsBE3ain2Q5xq10DZYzI1wHCrbrCqr1L0wVQMw3zEfkYLaWw:TjnBTi2CRDZYzIq6b2qr1PQMw32kQw

Entry address:
0x322E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, AF, 47, 00, E8, 9F, 2E, 00, 00, A3, A4, AE, 47, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, 01, 44, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 2E, 47, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, B0, 4C, 00, 50, 53, E8, F8, 2A, 00, 00...
 
[+]

Entropy:
4.9708

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file Drivers.exe has been seen being distributed by the following URL.

http://yourinstaller.com/o/.../Drivers.exe

Remove Drivers.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.