» avg_tuh_stf_all_2013_2driver update.exe
Overview
Analysis
File Details
Downloads (6)

avg_tuh_stf_all_2013_2driver update.exe

DriverUpdate

SlimWare Utilities Inc.

The application avg_tuh_stf_all_2013_2driver update.exe, “DriverUpdate Setup” by SlimWare Utilities has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.avg.com and multiple other hosts.

File name:

Publisher:

SlimWare Utilities, Inc. (signed by SlimWare Utilities Inc.)

Product:

DriverUpdate

Description:

DriverUpdate Setup

Version:

2.2.21642.48889

MD5:

7ed94efee9e3cb9aefb223127540fef9

SHA-1:

4292a4d3ce978a129c5c811dd255d07723a52c20

SHA-256:

8c3512ac1e2a4ac7a935cc9cb6d8e1be428b8e7e07fb1c49a302803dda707c70

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 3:02:20 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Slimware.Installer

16.2.26.11

File size:

3.6 MB (3,788,216 bytes)

Product version:

2.2.0.0

Original file name:

7zS.sfx

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\avg\avg_tuh_stf_all_2013_2driver update.exe

Digital Signature

Signed by:

SlimWare Utilities Inc.

Authority:

VeriSign, Inc.

Valid from:

1/9/2011 4:00:00 PM

Valid to:

1/9/2013 3:59:59 PM

Subject:

CN=SlimWare Utilities Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SlimWare Utilities Inc., L=Ocean Springs, S=Mississippi, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7849657A1719539E1882587E1354B115

File PE Metadata

Compilation timestamp:

3/21/2011 10:48:56 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

98304:Pj2oInqp77MOTPSwHhinGsuuj+y+KO9cyFTfr/jU2ax1rEAP:PqKOwH03uUM9cofr7sx1Q+

Entry address:

0x14C7B

Entry point:

E8, 5D, 3A, 00, 00, E9, 16, FE, FF, FF, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, B0, 3A, 42, 00, 33, C5, 89, 85, A4, 02, 00, 00, F6, 05, 64, 30, 42, 00, 01, 56, 74, 08, 6A, 0A, E8, E5, 00, 00, 00, 59, E8, 07, 3B, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 09, 3B, 00, 00, 59, F6, 05, 64, 30, 42, 00, 02, 0F, 84, A0, 00, 00, 00, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C... 
[+]

Entropy:

7.9932 (probably packed)

Code size:

109 KB (111,616 bytes)

The file avg_tuh_stf_all_2013_2driver update.exe has been seen being distributed by the following 6 URLs.

http://www.avg.com/.../download-file-stb-tridup.tpl-empty3

http://aa-download.avg.com/filedir/.../avg_dup_stb_all_2012_3.exe

http://aa-download.avg.com/filedir/.../avg_dupt_stb_all_2012_3.exe

http://download.avg.com/filedir/.../avg_dupt_stb_all_2012_3.exe

http://www.avg.com/.../download-file-stb-tridup.tpl-empty3

http://download.avg.com/filedir/.../avg_dup_stb_all_2012_3.exe

Remove avg_tuh_stf_all_2013_2driver update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.