» driverwhiz.exe
Overview
Analysis
File Details
Downloads (1)

driverwhiz.exe

Driver Whiz

Secure Installer Inc

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application driverwhiz.exe by Secure Installer Inc has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. The file has been seen being downloaded from download.driverwhiz.com.

File name:

driverwhiz.exe

Publisher:

383 Media, Inc. (signed by Secure Installer Inc)

Product:

Driver Whiz

Version:

2.5.3

MD5:

4b14d4c23882fca8492890bf13bddfa1

SHA-1:

cb7dd53f5495d977bb89f7df77924fc314397e8c

SHA-256:

ade95ddadba73959f8e45ac19b2419aee2159c372a62e483b093b959cd816478

Scanner detections:

3 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 9:45:35 PM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Win.Adware.Agent-59058

0.98/21511

Dr.Web

Program.Unwanted.796

9.0.1.0315

Reason Heuristics

PUP.Air Software.SecureInstaller.Installer (M)

15.11.11.8

File size:

8.8 MB (9,175,968 bytes)

Product version:

2.5.3

Trademarks:

Original file name:

DriverWhizSetup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

AirInstaller Download Manager (using Nullsoft Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\driverwhiz.exe

Digital Signature

Signed by:

Secure Installer Inc

Authority:

Symantec Corporation

Valid from:

11/6/2014 1:00:00 AM

Valid to:

11/7/2015 12:59:59 AM

Subject:

CN=Secure Installer Inc, O=Secure Installer Inc, L=Pleasanton, S=California, C=US, SERIALNUMBER=C3712890, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

2D22C5F63B1EEA2D802C435A5D079FDE

File PE Metadata

Compilation timestamp:

12/25/2013 6:01:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:hL0QWPY5P8LRD5vgUoNGE8+euVCHYVoB2+:hL0QWA6RxAsE8+ng2H+

Entry address:

0x3219

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A... 
[+]

Entropy:

7.9998

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file driverwhiz.exe has been seen being distributed by the following URL.

http://download.driverwhiz.com/dw2/dwinternal2/dw2.5.4/.../Driverwhiz.exe

Remove driverwhiz.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.