driverupdate.exe

SlimWare Downloader

SlimWare Utilities, Inc.

The application driverupdate.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from ak.ssl.imgfarm.com.
Publisher:
SlimWare Utilities, Inc.

Product:
SlimWare Downloader

Version:
2.3.0

MD5:
0bf942ef13aec8acb9f13a0d1efa04c9

SHA-1:
a14d4b7f692e8ad09ed5d57b4583dca06fad8e51

SHA-256:
ddf2e8f58f55e362e24cce3238c911867248a0133b59645110f48474dc8f9131

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/9/2024 12:49:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SlimWare (L)

Engine version:
16.8.2.11

File size:
374 KB (382,940 bytes)

Product version:
2.3.0

Copyright:
Copyright 2014 SlimWare Utilities, Inc.

Original file name:
SlimWareDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\driverupdate.exe

File PE Metadata
Compilation timestamp:
8/27/2015 2:04:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:SZ7d93lEE5lj2UpA5p4946fJHJ9Ebn3nwjigrbcv0ir:SpnlEgKUpA5pwJx4qvcv0o

Entry address:
0x35000

Entry point:
90, 68, F0, 09, 4C, 00, 5B, BA, 22, 50, 43, 00, 90, 90, BF, 98, 05, 00, 00, FF, 34, 3A, 31, 1C, 24, 8F, 04, 3A, 83, EF, 04, 90, 90, 75, F0, 90, 90, 90, 18, 74, 4D, 00, F0, 09, 4C, 00, F0, 09, 0C, 00, 32, F5, 4C, 00, A0, 28, 4F, 00, 2C, 2E, 4F, 00, F0, B9, 4E, 00, F1, 09, 4C, 00, EC, F9, 0D, 00, 46, 8D, 0E, 00, 32, 8D, 0E, 00, CC, 65, 4E, 00, 44, 8D, 4E, 00, 30, 8D, 4E, 00, EC, D3, 4D, 00, 44, 8D, 4E, 00, 30, 8D, 4E, 00, F0, 09, 4C, 00, F0, 09, 4C, 00, F0, 09, 4C, 00, F0, 09, 4C, 00, F0, 09, 4C, 00, F0, 09...

Entropy:
7.3728

Code size:
117.5 KB (120,320 bytes)

The file driverupdate.exe has been seen being distributed by the following URL.

Remove driverupdate.exe - Powered by Reason Core Security