driverupdate-fr.exe

SlimWare Downloader

Slimware Utilities Holdings, Inc.

The application driverupdate-fr.exe by Slimware Utilities Holdings has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from ak.ssl.imgfarm.com and multiple other hosts. While running, it connects to the Internet address server-54-192-14-33.ams1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
SlimWare Utilities, Inc.  (signed by Slimware Utilities Holdings, Inc.)

Product:
SlimWare Downloader

Version:
2.3.0

MD5:
cbddeffeb01a7c40d44737da1339f883

SHA-1:
bcb5b17258f31b0aab0302164f124546d05efce2

SHA-256:
6233295882a56dccb7db5530c5ba63f4c665d8da624f699c8879bf8f89190363

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:27:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.SlimwareUtilitiesHoldings

Engine version:
15.11.10.13

File size:
200.3 KB (205,136 bytes)

Product version:
2.3.0

Copyright:
Copyright 2014 SlimWare Utilities, Inc.

Original file name:
SlimWareDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\driverupdate-fr.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/23/2015 3:00:00 AM

Valid to:
1/7/2018 2:59:59 AM

Subject:
CN="Slimware Utilities Holdings, Inc.", O="Slimware Utilities Holdings, Inc.", L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
246BBE812B36C137225497BA8DF178FA

File PE Metadata
Compilation timestamp:
8/27/2015 4:05:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:VZYmkE9tRla5nCuTPnNRPLpVwviz15TwmJjs7UZxqA5D:VZ7d93lET5lj2U6A5

Entry address:
0xFCC2

Entry point:
E8, 39, 7B, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 04, 33, C0, 5D, C3, 53, 57, FF, 75, 08, E8, A3, 7C, 00, 00, 6A, 02, 8D, 78, 01, 57, E8, C2, E8, FF, FF, 8B, D8, 83, C4, 0C, 85, DB, 74, 15, FF, 75, 08, 57, 53, E8, F4, 03, 00, 00, 83, C4, 0C, 85, C0, 75, 0A, 8B, C3, EB, 02, 33, C0, 5F, 5B, 5D, C3, 33, C0, 50, 50, 50, 50, 50, E8, AC, 0F, 00, 00, CC, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, E6, 0F, 00...

Code size:
117.5 KB (120,320 bytes)

The file driverupdate-fr.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.


Remove driverupdate-fr.exe - Powered by Reason Core Security