SimpleDriverUpdater.exe

Simple Driver Updater

Vapc Lux Sarl

The application SimpleDriverUpdater.exe by Vapc Lux Sarl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Simple Driver Updater by SimpleStar.
Publisher:
Vapc Lux Sarl  (signed and verified)

Product:
Simple Driver Updater

Version:
5,15,1,2

MD5:
7d9e4252c0240e1b99b251b89753005a

SHA-1:
d86a94377c3c10e28355f0e96429de90466553c8

SHA-256:
1e9d33f919e087e449f437ab314e11616c6b370ab8c642a5b5cce68685f7e80c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:32:03 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SimpleStar (L)

Engine version:
16.12.13.16

File size:
25.9 MB (27,185,112 bytes)

Product version:
5.15.1.2

Copyright:
Copyright © 2016 SimpleStar. All Rights Reserved.

Original file name:
SimpleDriverUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\simple driver updater\simpledriverupdater.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/11/2016 4:11:14 PM

Valid to:
2/10/2017 4:57:32 PM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
12/12/2016 3:54:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x30C1F4

Entry point:
E8, 39, 2C, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 54, A1, F0, 6B, 8C, 00, 33, C5, 89, 45, FC, 53, 56, 57, 6A, 04, 58, E8, 35, 9F, FF, FF, 89, 65, F4, 6A, 1C, 8D, 45, D0, 50, FF, 75, F4, FF, 15, 24, 92, 78, 00, 85, C0, 0F, 84, A0, 00, 00, 00, 8B, 45, D4, 89, 45, F0, 8D, 45, AC, 50, FF, 15, 2C, 94, 78, 00, 8B, 7D, B0, 68, 34, 66, 7C, 00, 33, F6, FF, 15, D0, 93, 78, 00, 3B, C6, 74, 26, 68, 88, CC, 7D, 00, 50, FF, 15, A0, 93, 78, 00, 3B, C6, 74, 16, 8D, 4D, F8, 51, 89, 75, F8, FF, D0, 59, 85...
 

Code size:
3.5 MB (3,700,224 bytes)

Scheduled Task
Task name:
Start Simple Driver Updater for DESKTOP-FFO1ERH@legendre patricia(logon)

Trigger:
Logon (Runs on logon)


The file SimpleDriverUpdater.exe has been discovered within the following program.

Simple Driver Updater  by SimpleStar
www.simplestar.com/support/simple-driver-updater
About 5% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

