easydriverpro.exe

Easy Driver Pro

Probit Software LTD

The application easydriverpro.exe by Probit Software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from s5930.chomikuj.pl and multiple other hosts. While running, it connects to the Internet address server-54-192-3-167.lhr5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Probit Software LTD  (signed and verified)

Product:
Easy Driver Pro

Version:
8.0.3.0

MD5:
a06522dc345f229ea2895f78e83b9b7b

SHA-1:
3f153eaa7b622d2db842864c9af3087cad0ed468

SHA-256:
4e4a4886e6bd57b01a4dda68465588477d07e733127dfccc8a9d729a1c75f161

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 5:46:33 PM UTC

Scan engine          Detection                               Engine version
Reason Heuristics    PUP.Optional.ProbitSoftware.N           14.4.21.9
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h    3.12.24.3

File size:
642.2 KB (657,592 bytes)

Product version:
8.0.3.0

Copyright:
Probit Software LTD

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Program Files\easydriverpro.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/23/2012 1:00:00 AM

Valid to:
11/22/2013 11:59:59 PM

Subject:
CN=Probit Software LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Probit Software LTD, L="Herzeliya ", S=Sharon, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48F9535EDA4A26DA1B5DC764AEEE8209

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:5gn2ZWniJwYIczVmjuldONAvA7KGbNuwoafu+JIyYOa+aPuLRapJr:5g2Z6iJBSudONgA7XUCG+JIyd9aT

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9569

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file easydriverpro.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-21-44-113.compute-1.amazonaws.com  (23.21.44.113:80)

TCP (HTTP):
Connects to server-54-192-3-167.lhr5.r.cloudfront.net  (54.192.3.167:80)

Remove easydriverpro.exe - Powered by Reason Core Security