DrvUpdater.exe

DRP Su Updater

Kuzyakov Artur Vyacheslavovich IP

The application DrvUpdater.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 18 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘DrvUpdater’.
Publisher:
Kuzyakov Artur Vyacheslavovich IP  (signed and verified)

Product:
DRP Su Updater

Version:
0, 0, 25, 0

MD5:
9a82a7dbf9a5d379dac0047f4d934122

SHA-1:
274ea3d098bd2ed69d2922b110271fec5fc5650d

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:06:40 AM UTC

Scan engine                      Detection                            Engine version
Agnitum Outpost                  Trojan.Kryptik                       7.1.1
AhnLab V3 Security               Win32/Kashu.E                        2014.07.11
avast!                           Win32:Sality                         2014.9-160207
AVG                              Win32/DH{gRKBEwN5ATYgJCIlDw}         2017.0.2840
Bkav FE                          HW32.CDB                             1.3.0.4246
Clam AntiVirus                   Win.Worm.Chir-1403                   0.98/21511
IKARUS anti.virus                Win32.SuspectCrc                     t3scan.1.9.5.0
K7 AntiVirus                     Virus                                13.180.12683
McAfee                           Artemis!D519458155B6                 5600.6496
Microsoft Security Essentials    Threat.Undefined                     1.177.2145.0
Norman                           Sality.ZHB                           11.20160207
Qihoo 360 Security               Malware.QVM19.Gen                    1.0.0.1015
Reason Heuristics                Win32.Generic                        16.2.7.23
SUPERAntiSpyware                 Trojan.Agent/Gen-Sisron              9337
Trend Micro House Call           TROJ_FORUCON.BMC                     7.2.38
Trend Micro                      TROJ_FORUCON.BMC                     10.465.07
VIPRE Antivirus                  Trojan.Win32.Generic                 41826
ViRobot                          Trojan.Win32.S.Agent.196256.A[h]     2014.3.20.0

File size:
14.1 MB (14,733,312 bytes)

Product version:
0, 0, 25, 0

Copyright:
DriverPack Solution

Original file name:
DrvUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\Documents and Settings\{user}\Application data\drpsu\drvupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/28/2012 1:00:00 AM

Valid to:
2/28/2015 12:59:59 AM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=24K1 Tashkentskaya ul., L=Moscow, S=Moscow, PostalCode=109472, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008ED5EE3D985B31936DA24E4A4CC34419

File PE Metadata
Compilation timestamp:
4/28/2011 10:25:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QdGvgKIR08uBlCfVOAIpl+4vcHz9ek6Rz6oSDWI:U9KtL+fVNID3Ueko6oSl

Entry address:
0x65BA0

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 75, 33, 06, 00, 57, 83, C3, 04, 53, 68, 9B, 6B, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Code size:
160 KB (163,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DrvUpdater

Command:
C:\Documents and Settings\{user}\Application data\drpsu\drvupdater.exe
