easydriverpro.exe

Easy Driver Pro

Probit Software LTD

The application easydriverpro.exe by Probit Software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.easydriverpro.com and multiple other hosts. While running, it connects to the Internet address server-52-84-230-220.sfo9.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Probit Software LTD  (signed and verified)

Product:
Easy Driver Pro

Version:
8.0.3.0

MD5:
67bba8ba7228e84107f041d097af7f3f

SHA-1:
0d5c792bbb033851b02ca6049d3fc4139e891582

SHA-256:
f7238132326dbb947241d0f9f0c9ac4a177a0dab4cc5626b7f82ed6e3e828e84

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 10:00:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.ProbitSoftware.N

Engine version:
14.4.21.9

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.24.3

File size:
642.1 KB (657,560 bytes)

Product version:
8.0.3.0

Copyright:
Probit Software LTD

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\easydriverpro.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/22/2012 8:00:00 PM

Valid to:
11/22/2013 6:59:59 PM

Subject:
CN=Probit Software LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Probit Software LTD, L="Herzeliya ", S=Sharon, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48F9535EDA4A26DA1B5DC764AEEE8209

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1gn2ZZfKJwYIczVmjuldONAvA7KGbNuwoafu+JIyYOa+aPuLRapg:1g2ZZiJBSudONgA7XUCG+JIyd9ay

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9568

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file easydriverpro.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-141-239.sfo5.r.cloudfront.net  (54.230.141.239:80)

TCP (HTTP):
Connects to server-52-84-230-220.sfo9.r.cloudfront.net  (52.84.230.220:80)

TCP (HTTP):
Connects to ec2-23-23-159-58.compute-1.amazonaws.com  (23.23.159.58:80)

Remove easydriverpro.exe - Powered by Reason Core Security