» driversleuth.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

driversleuth.exe

DriverSleuth

DeskToolsSoft B.V

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘DriverSleuth’. This file is installed with the program DriverSleuth.

File name:

driversleuth.exe

Publisher:

DeskToolsSoft B.V (signed and verified)

Product:

DriverSleuth

Version:

3, 0, 0, 0

MD5:

8fa1e0ee19762a763cac0b8b01e71cd5

SHA-1:

ba1d90ba89cca5e4d9a7c818434e75fefa0e6a88

SHA-256:

430da439707a079eec291b0bc72cdcb736ac200fe7a643a98cc91b29c9119cb1

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/27/2024 2:33:45 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

riskware program Program.Unwanted.645

9.0.1.05190

File size:

4.8 MB (5,075,104 bytes)

Product version:

3, 0, 0, 0

DriverSleuth™ is a top-rated PC driver tool that scans your PC for missing, corrupt, and outdated drivers, and then recommends the latest updates for

Original file name:

drivers.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\driversleuth\driversleuth.exe

Digital Signature

Signed by:

DeskToolsSoft B.V

Authority:

COMODO CA Limited

Valid from:

2/8/2012 1:00:00 AM

Valid to:

2/8/2014 12:59:59 AM

Subject:

CN=DeskToolsSoft B.V, O=DeskToolsSoft B.V, STREET=Jupiterstraat 4, L=Assen, S=Drenthe, PostalCode=9405PP, C=NL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1AF9E0F588744CDEC54F29861DEA1F32

File PE Metadata

Compilation timestamp:

4/9/2013 8:30:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:XB/txkBHq4DPxbayZ5Uvv/v/vGfIrtDGUS9e+Eh6Ohgj:x1SBHq4DPxbayAvv/v/vEIrtDGV9e+E8

Entry address:

0x2E5ED6

Entry point:

E8, 7A, 0A, 00, 00, E9, 37, FD, FF, FF, FF, 25, CC, F6, 70, 00, 3B, 0D, A4, 62, 78, 00, 75, 02, F3, C3, E9, F6, 0A, 00, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A4, 62, 78, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A4, 62, 78, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45... 
[+]

Code size:

3.1 MB (3,202,560 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DriverSleuth

Command:

C:\Program Files\driversleuth\driversleuth.exe

The file driversleuth.exe has been discovered within the following program.

DriverSleuth by DeskToolsSoft

About 9% of users remove it

Scan driversleuth.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.