Driver.EXE

Common Application

The executable Driver.EXE has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from mobilidea.com.mx.
Product: Common Application
Version: 2, 0, 1, 1
MD5: 604e1ba66d536ac3970eefcb1499f1f1
SHA-1: 894b62b4dad63ab95474cb28f774a761f1ecdcaa
SHA-256: 5c996b93dab4a3964337f7da3bcb885b21d54185fcd91c051fc317fdbab806e2
Scanner detections: 12 / 68
Status: Malware
Analysis date: 4/25/2024 8:16:12 AM UTC

Scan engine             Detection                   Engine version
Bitdefender             Gen:Variant.Medfos.4        1.0.20.1180
Comodo Security         MalCrypt.Indus!             16814
Emsisoft Anti-Malware   Gen:Variant.Medfos          8.13.08.24.01
Fortinet FortiGate      W32/Medfos.IOE              8/24/2013
G Data                  Gen:Variant.Medfos          13.8.22
Kaspersky               Trojan.Win32.Midhos         14.0.0.3773
Malwarebytes            Trojan.Medfos.RRE           v2013.08.24.01
McAfee                  Artemis!604E1BA66D53        5600.7177
MicroWorld eScan        Gen:Variant.Medfos.4        14.0.0.708
Norman                  Medfos.JMP                  11.20130824
Vba32 AntiVirus         SScope.Trojan.Midhos.2513   3.12.22.3
VIPRE Antivirus         Trojan.Win32.Medfos.sd      20824

File size: 238.5 KB (244,224 bytes)
Product version: 2, 0, 1, 1
Copyright: Copyright (C) 2009
Original file name: Driver.EXE
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\driver.exe

File PE Metadata
Compilation timestamp: 6/11/2011 7:29:06 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 3072:vbKkkTvZGp/smSgTzOz1JVmOnUnaemBnz2+ysjHiAlt8ZsiJzQQmrRZuDXl6bdJv:jYv8p0mSfLvUV2ykCAURzLSRkAbdJb
Entry address: 0x2BA4
Entry point (first bytes): 6A, 40, 68, 58, A0, 42, 00, E8, 4E, 00, 00, 00, 8B, 55, 14, 33, C0, 39, 75, 0C, 0F, 9F, C0, 33, C9, 83, 3A, 2D, 0F, 94, C1, 8B, F8, 03, CB, 8B, C1, E8, 5C, FF, 01, 00, 8B, 7D, 14, 83, 3F, 2D, 8B, F3, 75, 20, C6, 03, 2D, 8D, 73, 01, 6A, 03, 8D, 44, 24, 3C, 8D, 51, 07, 89, 4C, 24, 3C, 50, 83, C1, 03, 56, 89, 54, 24, 4C, 89, 4C, 24, 54, FF, 15, AC, A3, 42, 00, 55, 8B, EC, 81, EC, 60, 00, 00, 00, 8B, 55, 08, 83, F9, 5D, 76, 02, 2B, D9, 83, A5, D0, FF, FF, FF, 00, 8B, 4D, 10, 89, 75, BC, 8B, 45, 08, C6, 45, D8...

Entropy: 5.9848
Code size: 163.5 KB (167,424 bytes)

The file Driver.EXE has been seen being distributed from the domain mobilidea.com.mx noted above.
