driversupport.exe

PC DRIVERS HEADQUARTERS I, INC

The application driversupport.exe (description: “This installer database contains the logic and data required to install Driver Support.”), published by PC DRIVERS HEADQUARTERS I, INC, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from secure.driversupport.com.
Remove driversupport.exe - Powered by Reason Core Security
Publisher:
Driver Support (signed by PC DRIVERS HEADQUARTERS I, INC)

Product:
Driver Support

Description:
This installer database contains the logic and data required to install Driver Support.

Version:
8.1

MD5:
27c7c82aa8d2967719aa35f5f2f69c2e

SHA-1:
c75bd00eb22182db055114580d5306c400b37e54

SHA-256:
c781ff0193524541f94c7d954c2682fa3f4843dfe7de99fee128ea5f7e493838

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/10/2016 9:32:39 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.PC Drivers.Installer

Engine version:
15.10.11.0

File size:
1.9 MB (2,001,384 bytes)

Product version:
8.1

Copyright:
Copyright (C) 2009 Driver Support

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2014 2:00:00 AM

Valid to:
4/1/2017 1:59:59 AM

Subject:
CN="PC DRIVERS HEADQUARTERS I, INC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="PC DRIVERS HEADQUARTERS I, INC", L=Austin, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
232416539390C43928675201CA23CB3F

File PE Metadata
Compilation timestamp:
10/2/2013 7:23:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:NYIxpjIpAfA+mJYNVTdCuGXccoWcriuP5F:NY1pAfAxJAGscSriuRF

Entry address:
0x98FAB

Entry point:
E8, 4E, 28, 01, 00, E9, 79, FE, FF, FF, 85, C0, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 0F, B6, 00, 0F, B6, 09, 2B, C1, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 66, 8B, 06, 66, 3B, 01, 74, 35, 0F, B6, 11, 0F, B6, C0, 2B, C2, 74, 11, 33, D2, 85, C0, 0F, 9F, C2, 8D, 54, 12, FF, 8B, C2, 85, C0, 75, 1C, 0F, B6, 46, 01, 0F, B6, 49, 01, 2B, C1, 74, 10, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 33, C0, C3, 8B, 06, 3B, 01, 74, 6F, 0F, B6, 11, 0F, B6, C0...
 

Code size:
911 KB (932,864 bytes)

The file driversupport.exe has been seen being distributed by the following URL.
