DrvUpdater.exe

DRP Su Updater

Kuzyakov Artur Vyacheslavovich IP

The application DrvUpdater.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 18 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘DrvUpdater’.
Publisher:
Kuzyakov Artur Vyacheslavovich IP (signed and verified)

Product:
DRP Su Updater

Version:
0, 0, 25, 0

MD5:
d4132bb503eaba43c55f3b7c7c0daf33

SHA-1:
cb394dcc9e6d5e422d09542bf36d704fc14d42f4

SHA-256:
7344784a82481a64fc865bc8f36b2bc77cb876cb38f9990990af9fd1c4ee6905

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 12:22:18 PM UTC

Scan engine                      Detection                            Engine version
-------------------------------  -----------------------------------  --------------
Agnitum Outpost                  Trojan.Kryptik                       7.1.1
AhnLab V3 Security               Win32/Kashu.E                        2014.07.11
avast!                           Win32:Sality                         2014.9-160214
AVG                              Win32/DH{gRKBEwN5ATYgJCIlDw}         2017.0.2834
Bkav FE                          HW32.CDB                             1.3.0.4246
Clam AntiVirus                   Win.Worm.Chir-1403                   0.98/21511
IKARUS anti.virus                Win32.SuspectCrc                     t3scan.1.9.5.0
K7 AntiVirus                     Virus                                13.180.12683
McAfee                           Artemis!D519458155B6                 5600.6490
Microsoft Security Essentials    Threat.Undefined                     1.177.2145.0
Norman                           Sality.ZHB                           11.20160214
Qihoo 360 Security               Malware.QVM19.Gen                    1.0.0.1015
Reason Heuristics                Win32.Generic                        16.2.14.6
SUPERAntiSpyware                 Trojan.Agent/Gen-Sisron              9324
Trend Micro House Call           TROJ_FORUCON.BMC                     7.2.45
Trend Micro                      TROJ_FORUCON.BMC                     10.465.14
VIPRE Antivirus                  Trojan.Win32.Generic                 41826
ViRobot                          Trojan.Win32.S.Agent.196256.A[h]     2014.3.20.0

File size:
190.7 KB (195,256 bytes)

Product version:
0, 0, 25, 0

Copyright:
DriverPack Solution

Original file name:
DrvUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/27/2012 4:00:00 PM

Valid to:
2/27/2015 3:59:59 PM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=24K1 Tashkentskaya ul., L=Moscow, S=Moscow, PostalCode=109472, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008ED5EE3D985B31936DA24E4A4CC34419

File PE Metadata
Compilation timestamp:
4/28/2011 1:25:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:Vj52RXf17lQSfIR08uBlCfsUaJAgtpl+xu+QXGOw07mEiEo+C9eIT6RfbtDw9ouJ:VdGvgKIR08uBlCfVOAIpl+4vcHz9ek6k

Entry address:
0x65BA0

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 75, 33, 06, 00, 57, 83, C3, 04, 53, 68, 9B, 6B, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.8818  (probably packed)

Code size:
160 KB (163,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DrvUpdater

Command:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe \hide


Remove DrvUpdater.exe - Powered by Reason Core Security