ethernet_controller_e0000203.exe

oTweak Software LLC

The application ethernet_controller_e0000203.exe by oTweak Software has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.win7drivers.com and multiple other hosts.
Publisher:
oTweak Software LLC  (signed and verified)

MD5:
90ba739e345dca42e0cd638d4ff42ccc

SHA-1:
8a6b25d1409162b08faf7225e444c406b49a9cd2

SHA-256:
e558171587b80ef87d0761655b85b404d1792a0d0f31061f2a478cf8cd539b50

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
7/1/2026 11:15:03 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Program.Unwanted.257
9.0.1.0149

NANO AntiVirus
Riskware.Nsis.Unwanted.dpybkw
0.30.24.1636

Reason Heuristics
PUP.oTweak.Optional.Installer.Meta (L)
15.12.1.12

Trend Micro House Call
Suspicious_GEN.F47V0505
7.2.149

File size:
3.6 MB (3,751,448 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\ethernet_controller_e0000203.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/5/2015 12:00:00 AM

Valid to:
3/4/2017 11:59:59 PM

Subject:
CN=oTweak Software LLC, O=oTweak Software LLC, L=Rostov-Na-Donu, S=Rostovskaya obl., C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BA315B89D1AF7C2CB153F29392B2B78

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:evdL+xLHqLS2GEygs29byZi0LGntb0NdZiK4iRPd:q6JqWfyQoKT4iP

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file ethernet_controller_e0000203.exe has been seen being distributed by the following 4 URLs.

Remove ethernet_controller_e0000203.exe - Powered by Reason Core Security