DrvUpdater.exe

DRP Su Updater

Kuzyakov Artur Vyacheslavovich IP

The application DrvUpdater.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 2 anti-malware scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the display name ‘DrvUpdater’. This file is typically installed with the program DriverPack Solution Updater by DriverPack Solution. While running, it connects to the Internet address redstation.com on port 80 using the HTTP protocol.
Publisher:
Kuzyakov Artur Vyacheslavovich IP  (signed and verified)

Product:
DRP Su Updater

Version:
0, 0, 24, 0

MD5:
09c027e45c184b7511880dfc1c975348

SHA-1:
a50dc83629638af7a4843b3cf4b4ae818fe7f3c8

SHA-256:
bde7ca432d62410139cfce0ab03d3c0bd79c870db6ea4ab73a27265255bfbf44

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 3:18:30 AM UTC  (today)

Scan engine          Detection                                Engine version
Agnitum Outpost      Trojan.Kryptik                           7.1.1
Reason Heuristics    PUP.KuzyakovArturVyacheslavovichIP.K     14.3.16.14

File size:
185.8 KB (190,296 bytes)

Product version:
0, 0, 24, 0

Copyright:
DriverPack Solution

Original file name:
DrvUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
2/2/2011 1:00:00 AM

Valid to:
2/3/2012 12:59:59 AM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=24K1 Tashkentskaya ul., L=Moscow, S=Moscow, PostalCode=109472, C=RU

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00E5C4EAB464541F8F7B626D48957E6605

File PE Metadata
Compilation timestamp:
3/18/2011 4:32:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:vd81yns6Dgi/OJAKuV+wbpWZYnfpZwHtnL0uTx5v6BoutqaWZDiLE:21QHg0O2HbpsYnhZwHthv6BoSVW4w

Entry address:
0x62060

Entry point:
60, BE, 00, C0, 43, 00, 8D, BE, 00, 50, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, AA, 02, 06, 00, 57, 83, C3, 04, 53, 68, 5E, 60, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.8711  (probably packed)

Code size:
156 KB (159,744 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DrvUpdater

Command:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe


The file DrvUpdater.exe has been discovered within the following program.

DriverPack Solution Updater  by DriverPack Solution
DriverPack Solution Updater is the updater program which runs with Windows (in the background as a service) and automatically starts up when your computer boots. It checks for updates and automatically downloads and installs them if found based on the user's settings.
56% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to redstation.com  (81.94.192.167:80)

TCP (HTTP):
Connects to h188-227-175-225.host.redstation.co.uk  (188.227.174.225:80)

TCP (HTTP):
Connects to h88-150-206-2.host.redstation.co.uk  (88.150.206.2:80)

Remove DrvUpdater.exe - Powered by Reason Core Security