home

driverupdater.exe

SuperEasy Driver Updater

SuperEasy Software GmbH & Co. KG

The application driverupdater.exe, “SuperEasy Driver Updater Setup ” by SuperEasy Software GmbH & Co. KG has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program Toolwiz BSafe by ToolWiz. The file has been seen being downloaded from arkiv.idg.se and multiple other hosts.
Publisher:
SuperEasy Software GmbH & Co. KG   (signed by SuperEasy Software GmbH & Co. KG)

Product:
SuperEasy Driver Updater

Description:
SuperEasy Driver Updater Setup

Version:
1.1.1

MD5:
e40877e2afbe8c6d2a6746b3f2b2527b

SHA-1:
82190b4d6fa75122de98b618b9af4fa62387335a

SHA-256:
10b29ed78479047e45ba5f7af08d079cb592ab9c560193b0b61582e22009fb7a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 12:46:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer.N
14.12.16.10

File size:
4.6 MB (4,826,960 bytes)

Product version:
1.1.1

Copyright:
SuperEasy Software GmbH & Co. KG

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\driverupdater.exe

Digital Signature
Signed by:
SuperEasy Software GmbH & Co. KG

Authority:
VeriSign, Inc.

Valid from:
9/3/2012 2:00:00 AM

Valid to:
9/3/2013 1:59:59 AM

Subject:
CN=SuperEasy Software GmbH & Co. KG, OU=www.supereasy.de, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SuperEasy Software GmbH & Co. KG, L=Dortmund, S=Nordrhein-Westfalen, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
637BC8D2AC7EC84A3EE1611C0A3C5491

File PE Metadata
Compilation timestamp:
2/9/2011 1:43:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:hND1elRN9fN5JY+NgQmBUof//mR4rO6EGJd7pkBmCYDSPysTy:hNpelRP7+kuUo3/G4y6hTZCYDSPI

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file driverupdater.exe has been discovered within the following program.

Toolwiz BSafe  by ToolWiz
www.Toolwiz.com
About 9% of users remove it
 
Powered by Should I Remove It?

The file driverupdater.exe has been seen being distributed by the following 2 URLs.

http://arkiv.idg.se/pfa/.../driverupdater.exe

http://download.engelmann.com/driverupdater.exe

Remove driverupdater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.