unknowndeviceidentifier.exe

Unknown Device Identifier

Huntersoft

The executable unknowndeviceidentifier.exe, “Install Unknown Device Identifier”, has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.zhangduo.com.

Publisher:
Huntersoft

Product:
Unknown Device Identifier

Description:
Install Unknown Device Identifier

Version:
Unknown Device Ident

MD5:
221eb61e9f73cd3b29defba31d876d1c

SHA-1:
fd8aed574d5f2890ccf96d15645794d936364b4f

SHA-256:
39254ff72aec22f3748d529f3e2f4871c83648b7d9dc6e0364b928cc4b892bfe

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 10:29:44 AM UTC

Scan engine                    Detection                Engine version
avast!                         Win32:Kukacka            160503-1
Dr.Web                         Win32.Sector.30          9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus   8.0.319.0
F-Prot                         W32/Sality.E.gen         4.6.5.141
McAfee                         Virus.W32/Sality.gen.z   18.0.204.0
Microsoft Security Essentials  Threat.Undefined         1.223.850.0

File size:
1.2 MB (1,268,134 bytes)

Product version:
8.02

Copyright:
Copyright © 1996-2015 Huntersoft. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\unknowndeviceidentifier.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dnayI2l4/av2ZbGQO8wnLTn9ihl0qd/tyGla7NS0/fvJGQJxkTC:da32l4/avwbGQIv4jf/a7NS0HJ

Entry address:
0x9C40

Entry point:
60, EB, 06, F7, C1, 24, E2, 1B, 11, 68, 39, ED, DE, 00, 69, FD, ED, 22, D9, 69, 81, FD, 30, 60, 00, 00, 76, 0A, F7, C5, 84, 81, E7, 09, F3, 0F, B6, FF, F6, C0, 8A, C6, C3, 1F, 76, 0E, F7, C7, 0F, 0D, DF, DC, 69, D0, 16, 57, 60, AF, FE, C2, 81, E9, 0A, CD, 00, 00, 89, DB, 81, C1, 2A, 35, 00, 00, EB, 09, 81, C3, C1, 26, D6, 00, 0F, AF, F8, 51, 68, B8, E1, 13, 00, 88, E3, 0F, AF, EB, FF, C9, 8B, DF, C7, C6, D1, 8C, 94, CC, 13, F5, 81, DB, 75, 2F, 0B, CD, B3, C1, 24, B4, E8, 12, 00, 00, 00, 73, 06, F7, C1, E3...
 

Entropy:
7.9866  (probably packed)

Code size:
37 KB (37,888 bytes)

The file unknowndeviceidentifier.exe has been seen being distributed by the following URL.
