driverpack-wget.exe

Kuzyakov Artur Vyacheslavovich IP

The application driverpack-wget.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program DriverPack Cloud by DriverPack Solution. While running, it connects to the Internet address redstation.com on port 80 using the HTTP protocol.
Publisher:
Kuzyakov Artur Vyacheslavovich IP (signed and verified)

MD5:
f6c5ae08e9a36e38b7c38c8586f13c4b

SHA-1:
95c50f811d5cc6a4055a67339e153c5cd12bb915

SHA-256:
3cc36b297c2012b5a6a2d1568860380fa0a4a5992bc367d5e3a97c1abba633ac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 9:59:37 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.2.20.19

File size:
406 KB (415,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bin\tools\driverpack-wget.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/1/2016 12:00:00 AM

Valid to:
4/1/2018 11:59:59 PM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
158377DA2BD81EDC1F1DF9B7E343B3CB

File PE Metadata
Compilation timestamp:
4/25/2009 2:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
6144:poxkuaVJiysgokd+8L2LZ9aUedgk+TGk57rrpmNDEpO/YIPOWCiwYFnYab2:exkJLiynXvqjggpl57rrpmNQp2YIGRYe

Entry address:
0xED800

Entry point:
60, BE, 00, C0, 48, 00, 8D, BE, 00, 50, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...

Entropy:
7.9192

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
392 KB (401,408 bytes)

The file driverpack-wget.exe has been discovered within the following program.

DriverPack Cloud by DriverPack Solution
About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to redstation.com (188.227.170.13:80)

TCP (HTTP):
Connects to h188-227-175-225.host.redstation.co.uk (188.227.174.225:80)

TCP (HTTP):
Connects to h88-150-206-2.host.redstation.co.uk (88.150.206.2:80)
