DrvUpdater.exe

DRP Su Updater

Kuzyakov Artur Vyacheslavovich IP

The application DrvUpdater.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 18 anti-malware scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘DrvUpdater’.
Publisher:
Kuzyakov Artur Vyacheslavovich IP (signed and verified)

Product:
DRP Su Updater

Version:
0, 0, 25, 0

MD5:
8f1c873a5b305431e8b44ed5ca2f425e

SHA-1:
f7b8a7d144e377fb2e136ed45bf713cee40c2d18

SHA-256:
7d7dd90188bbc88c178c666251fa1ea648932d2f8d95638985745eeb2b534bc8

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:52:24 PM UTC

Scan engine                   | Detection                        | Engine version
------------------------------+----------------------------------+---------------
Agnitum Outpost               | Trojan.Kryptik                   | 7.1.1
AhnLab V3 Security            | Win32/Kashu.E                    | 2014.07.11
avast!                        | Win32:Sality                     | 2014.9-160214
AVG                           | Win32/DH{gRKBEwN5ATYgJCIlDw}     | 2017.0.2834
Bkav FE                       | HW32.CDB                         | 1.3.0.4246
Clam AntiVirus                | Win.Worm.Chir-1403               | 0.98/21511
IKARUS anti.virus             | Win32.SuspectCrc                 | t3scan.1.9.5.0
K7 AntiVirus                  | Virus                            | 13.180.12683
McAfee                        | Artemis!D519458155B6             | 5600.6490
Microsoft Security Essentials | Threat.Undefined                 | 1.177.2145.0
Norman                        | Sality.ZHB                       | 11.20160214
Qihoo 360 Security            | Malware.QVM19.Gen                | 1.0.0.1015
Reason Heuristics             | Win32.Generic                    | 16.2.14.8
SUPERAntiSpyware              | Trojan.Agent/Gen-Sisron          | 9324
Trend Micro House Call        | TROJ_FORUCON.BMC                 | 7.2.45
Trend Micro                   | TROJ_FORUCON.BMC                 | 10.465.14
VIPRE Antivirus               | Trojan.Win32.Generic             | 41826
ViRobot                       | Trojan.Win32.S.Agent.196256.A[h] | 2014.3.20.0

File size:
357.7 KB (366,235 bytes)

Product version:
0, 0, 25, 0

Copyright:
DriverPack Solution

Original file name:
DrvUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/28/2012 5:30:00 AM

Valid to:
2/28/2015 5:29:59 AM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, STREET=24K1 Tashkentskaya ul., L=Moscow, S=Moscow, PostalCode=109472, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008ED5EE3D985B31936DA24E4A4CC34419

File PE Metadata
Compilation timestamp:
4/28/2011 1:55:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QdGvgKIR08uBlCfVOAIpl+4vcHz9ek6Rz6oSDWI:U9KtL+fVNID3Ueko6oSl

Entry address:
0x65BA0

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 75, 33, 06, 00, 57, 83, C3, 04, 53, 68, 9B, 6B, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
5.3232

Code size:
160 KB (163,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DrvUpdater

Command:
C:\users\{user}\appdata\roaming\drpsu\drvupdater.exe \hide


Remove DrvUpdater.exe - Powered by Reason Core Security