DrvUpdater.exe

DRP Su Updater

Kuzyakov Artur Vyacheslavovich IP

The application DrvUpdater.exe, published by Kuzyakov Artur Vyacheslavovich IP, has been detected as a potentially unwanted program by 23 of 68 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the display name 'DrvUpdater'.
Publisher:
Kuzyakov Artur Vyacheslavovich IP  (signed and verified)

Product:
DRP Su Updater

Version:
0, 0, 25, 0

MD5:
1afd4c98346e424649ec79aad771291d

SHA-1:
ccbf37f5df79d27d8f4a7326c5da16e44486f4e2

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:46:13 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2014.07.11
avast! | Win32:Sality | 2014.9-160210
AVG | Win32/DH{gRKBEwN5ATYgJCIlDw} | 2017.0.2837
Bkav FE | HW32.CDB | 1.3.0.4246
Clam AntiVirus | Win.Worm.Chir-1403 | 0.98/21511
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0
K7 AntiVirus | Virus | 13.180.12683
McAfee | Artemis!D519458155B6 | 5600.6493
Microsoft Security Essentials | Threat.Undefined | 1.177.2145.0
Norman | Sality.ZHB | 11.20160210
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Reason Heuristics | Win32.Generic | 16.2.10.15
SUPERAntiSpyware | Trojan.Agent/Gen-Sisron | 9332
Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.41
Trend Micro | TROJ_FORUCON.BMC | 10.465.10
VIPRE Antivirus | Trojan.Win32.Generic | 41826
ViRobot | Trojan.Win32.S.Agent.196256.A[h] | 2014.3.20.0

File size:
283.2 KB (289,947 bytes)

Product version:
0, 0, 25, 0

Copyright:
DriverPack Solution

Original file name:
DrvUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\Documents and Settings\{user}\Application data\drpsu\drvupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/28/2012 7:00:00 AM

Valid to:
2/28/2015 6:59:59 AM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=24K1 Tashkentskaya ul., L=Moscow, S=Moscow, PostalCode=109472, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008ED5EE3D985B31936DA24E4A4CC34419

File PE Metadata
Compilation timestamp:
4/28/2011 3:25:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QdGvgKIR08uBlCfVOAIpl+4vcHz9ek6RzGDWIvZ4zytbLiop:U9KtL+fVNID3UekoGlh4zkeop

Entry address:
0x65BA0

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 38, 00, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 38, 00, 89, 45, 00, 8B, 83, B3, 4B, 38, 00, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 38, 00, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 38, 00, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 38, 00, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...

Packer / compiler:
ASPack v1.08.04

Code size:
160 KB (163,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DrvUpdater

Command:
C:\Documents and Settings\{user}\Application data\drpsu\drvupdater.exe


Remove DrvUpdater.exe - Powered by Reason Core Security