driverwhiz.exe

Driver Whiz

1NSTALL (383 MEDIA, INC.)

The application driverwhiz.exe by 1NSTALL (383 MEDIA, INC.) has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Toolwiz Time Freeze 2015 by ToolWiz. The file has been seen being downloaded from download.driverwhiz.com.
Publisher:
383 Media, Inc.  (signed by 1NSTALL (383 MEDIA, INC.))

Product:
Driver Whiz

Version:
1.0

MD5:
48be36de7968f265f02560a11ac15662

SHA-1:
cedee0e7bd7aa288f0dd8d83fd33ddacdc3feb86

SHA-256:
56a627045fdce7af9ac242f365e494c92824ac1e6c01496064d1a952a0f6e1e9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:12:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Installer.K

Engine version:
14.7.16.17

File size:
6.7 MB (6,996,376 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2013 383 Media, Inc.

Trademarks:
Copyright (c) 2013 383 Media, Inc.

Original file name:
DriverWhizSetup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\driverwhiz.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/31/2013 2:00:00 AM

Valid to:
5/25/2015 1:59:59 AM

Subject:
CN="1NSTALL (383 MEDIA, INC.)", O="1NSTALL (383 MEDIA, INC.)", L=Pleasanton, S=California, C=US, SERIALNUMBER=C3341789, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
059C2A47830CA2BB198B8CCF1DFBBA93

File PE Metadata
Compilation timestamp:
12/25/2013 6:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:cW72sZko5QQh1M17cD/nXW6/O3v2pUwJzBOafcpwa5VB0hF+kG:cO2sZbQQhA7cjXW66wz4afLSB2F+k

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file driverwhiz.exe has been discovered within the following program.

www.Toolwiz.com
About 5% of users remove it
 
Powered by Should I Remove It?

The file driverwhiz.exe has been seen being distributed by the following URL.
