home

installer_driver_intel_prowireless_3945abg_spanish.exe

The application installer_driver_intel_prowireless_3945abg_spanish.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.takesoftfast.com.edgesuite.net.
MD5:
b9ecd2c890c2a7d4c62c8e05740640d0

SHA-1:
10248837b27dfe760f0a44b8796f530fff81057d

SHA-256:
d60aa49aa287197b35881cc8f021c2af26facf7bd2a6742983003b5916a12c21

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:41:57 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Bundler (M)
16.9.25.21

File size:
575.5 KB (589,359 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\installer_driver_intel_prowireless_3945abg_spanish.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
12288:MfsDalVSGfP+BeCviG5whzbMvcinOWM3gN/2pqWuTVbYepGoSmBr8T:6xSGfPmeOiGCjwt+pq98e4qBQT

Entry point:
A9, AC, BD, A7, 22, FF, FF, FF, F8, FF, FE, CD, FF, BC, FF, C5, FF, A3, FF, 8A, FF, 8C, FF, 9A, FF, 8D, FF, 8C, FF, A3, FF, 95, FF, 9E, FF, 8E, FF, 8A, FF, 9A, FF, A3, FF, 9B, FF, 90, FF, 88, FF, 91, FF, 93, FF, 90, FF, 9E, FF, 9B, FF, 8C, FF, FF, FF, FD, 91, FF, 96, FF, 91, FF, 8C, FF, 8B, FF, 9E, FF, 93, FF, 93, FF, 9A, FF, 8D, FF, A0, FF, 9B, FF, 8D, FF, 96, FF, 89, FF, 9A, FF, 8D, FF, A0, FF, 96, FF, 91, FF, 8B, FF, 9A, FF, 93, FF, A0, FF, 8F, FF, 8D, FF, 90, FF, 88, FF, 96, FF, 8D, FF, 9A, FF, 93, FF...
 
[+]

The file installer_driver_intel_prowireless_3945abg_spanish.exe has been seen being distributed by the following URL.

http://cdn.takesoftfast.com.edgesuite.net/installers/axtan_installers/get.php?aa=ax/1/solodriverses//&ua=chrome&u=L2Rvd25sb2FkLmRyaXZlcnMuc29sb2RyaXZlcnMuY29tL2luc3RhbGxlcnMvb3V0LzAxMTI0MDExMjUwMTEyNi9waWlkLTAxMjM0NTY3ODk5ODc0NTYzMjEwMDEyMzQ1Njc4OTEyL2F4LzEvc29sb2RyaXZlcnNlcy9zcGFuaXNoL3Nlby9jaHJvbWUvZHJpdmVyX2ludGVsX3Byb3dpcmVsZXNzXzM5NDVhYmcvZC83ODIxOTgwMjdmYzUwOTRjNDc5ZDNlZjlhNDNiMjJiNS9vdXQvbmEvbmEvaW5zdGFsbGVyX2RyaXZlcl9pbnRlbF9wcm93aXJlbGVzc18zOTQ1YWJnX1NwYW5pc2guZXhl&p=U09MT0RSSVZFUlNFUw==&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL3NvbG9kcml2ZXJzZXMvc3BhbmlzaC9zZW8vY2hyb21lL2RyaXZlcl9pbnRlbF9wcm93aXJlbGVzc18zOTQ1YWJnL2QvNzgyMTk4MDI3ZmM1MDk0YzQ3OWQzZWY5YTQzYjIyYjUvb3V0L25hL25hL2luc3RhbGxlcl9kcml2ZXJfaW50ZWxfcHJvd2lyZWxlc3NfMzk0NWFiZ19TcGFuaXNoLmV4ZQ==&loop=0&s=596002146738023462594389570270430030355028831277426864812930973987012524317534287974455649747035737989420274702590945410384088661350303421891141135686715223089225256598788893006675357879178190726385

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.