driver update.exe

The application driver update.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from instante.upgraderjudge.eu.
MD5: 64251384ee4bf18d4385f7e056922f12
SHA-1: 2e5dbb4b8629ea02dcd58c2189a20a49b9d30372
SHA-256: 7f53cb062306b67a82eea2e1488172886148f29542b91ff1bc294775e18add9c
Scanner detections: 5 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 5:30:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Adware-CAH [PUP] | 150717-0 |
| AVG | Adware BundleApp_r.D | 2015.0.4545 |
| Emsisoft Anti-Malware | Application.Bundler.AirInstaller | 11.5.0.6191 |
| Kaspersky | not-a-virus:AdWare.Win32.AirAdInstaller | 15.0.0.562 |
| Reason Heuristics | Adware.Generic.AT (M) | 16.4.6.20 |

File size: 829.6 KB (849,512 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\driver update.exe

File PE Metadata
Compilation timestamp: 4/9/2014 4:13:37 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:DDIL3RXuGRx7xaYuvOFRr9p3HzHvUkKM1KfrOmZH1zWYWit2Xhhhnc3Ezv1j:DD6uExQmRzXz8knKjZVzWyGT1tj
Entry address: 0x26CFB0

Entry point:
D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, D0, BC, BC, BC, 98, 98, 98, E6, E6, E6, 00, 00, E0, E0, E0, 97, 97, 97, C5, C5, C5, D1, D1, D1, D1, D1, D1, D1...

Entropy: 7.8696 (probably packed)
Code size: 788 KB (806,912 bytes)

The file driver update.exe has been seen being distributed by the following URL.
