drivertoolkitinstaller.exe

DriverToolkit

Megaify Software

The executable drivertoolkitinstaller.exe, "DriverToolkit Setup", has been detected as malware by 11 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.driverscape.com.
Publisher:
Megaify Software

Product:
DriverToolkit

Description:
DriverToolkit Setup

Version:
8.5

MD5:
31ce54c5f20c1c1f206707e05dba527e

SHA-1:
ee130c2a237d6c02dc1446d4022b9f532a4eb942

SHA-256:
0769f0d300f0ea0349738189f5aaae6551198dd93076e8ea681bfd1c82df2a57

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 7:40:02 PM UTC

Scan engine                    Detection                        Engine version
avast!                         Win32:SaliCode                   160118-1
AVG                            Win32/Sality                     2015.0.4489
Clam AntiVirus                 Win.Trojan.Application-1470      0.98/21324
Dr.Web                         Win32.Sector.30                  9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality                     10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus           7.0.302.0
Kaspersky                      Virus.Win32.Sality               15.0.0.562
McAfee                         Virus.W32/Sality.gen.z           18.0.204.0
Microsoft Security Essentials  Threat.Undefined                 1.213.4702.0
Norman                         Win32.Sality.3                   11.01.2016 17:30:26
VIPRE Antivirus                Threat.4721115                   46826

File size:
2.4 MB (2,523,104 bytes)

Product version:
8.5.0.0

File type:
Executable application (Win32 EXE)

Language:
Language neutral

Common path:
C:\users\{user}\downloads\drivertoolkitinstaller.exe

File PE Metadata

Compilation timestamp:
10/13/2013 10:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:JkhLg3LcSpYqQLyUf42fy6A4OeOqdAIjtYKmbaS/0GfVfcDi9r:xLcSpd8yEzvPlK1JODiN

Entry address:
0x113BC

Entry point:
86, CB, F6, C5, 2A, B0, 8C, F7, C1, 89, 00, E9, BB, F6, C6, 96, 29, DA, 10, E1, 8D, 0D, AB, F0, 1D, 52, B0, 9C, 3C, 8F, FF, C2, F2, E8, 46, 00, 00, 00, 03, DB, F3, 81, EA, 30, 25, F1, E5, 8A, E3, 87, C0, F3, 86, FE, 49, C7, C6, 08, 9B, 21, D6, 11, DF, B3, D9, 30, DA, B8, 18, D4, 00, 00, 09, FF, 86, F7, 35, D6, 79, 00, 00, 32, F5, 19, FF, F3, C7, C2, 87, 5D, D2, B4, 8B, E8, BA, 98, CC, FF, 15, 11, EF, 43, 81, C5, 26, 0F, 00, 00, 0F, BE, D6, C6, C4, 4F, F7, C7, 5D, 5A, B8, 5B, 81, C1, 76, 52, 04, A8, B8, 43...

Entropy:
7.9749  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file drivertoolkitinstaller.exe has been seen being distributed by the following URL.

Remove drivertoolkitinstaller.exe - Powered by Reason Core Security