installdrv64.exe

Osirius bv

The executable installdrv64.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Osirius bv  (signed and verified)

MD5:
5de6c81d5b586e33d34f46a6998a1be3

SHA-1:
3efc1e48786754e3dc7079affe7b31e84254acbb

SHA-256:
26c690cf47f0d80b33ab346d1d1c4824f3200cc71b87055fdf8118e789a37356

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/16/2024 6:50:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.1.30.12

File size:
35 KB (35,840 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\apps\2.0\26cdyhxq.jdz\9k641pjm.ljr\ritt...exe_c9b642e5b0c29bec_000c.0003_nl_cc3e2910d697c456\usb_driver\installdrv64.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
4/29/2009 2:00:00 AM

Valid to:
4/30/2011 1:59:59 AM

Subject:
CN=Osirius bv, O=Osirius bv, STREET=Emeraldpad 8, L=Rosmalen, S=Noord-Brabant, PostalCode=5247 KG, C=NL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
38D71FB8894D3C9AC48A18359549B8A8

File PE Metadata
Compilation timestamp:
4/13/2007 9:03:32 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
768:UvTKKL56Sy03LfzOrXdlCg0aiALw4/9f6:OckLfzWdltLwof6

Entry address:
0x1DE0

Entry point:
48, 83, EC, 38, 48, 89, 5C, 24, 50, 48, 89, 7C, 24, 58, FF, 15, 2C, F2, FF, FF, 48, 8B, C8, 33, D2, 41, B8, 94, 00, 00, 00, FF, 15, 13, F2, FF, FF, 48, 8B, D8, 48, 85, C0, 75, 0A, B8, FF, 00, 00, 00, E9, 04, 02, 00, 00, C7, 00, 94, 00, 00, 00, 48, 8B, C8, FF, 15, EA, F1, FF, FF, 85, C0, 75, 1E, FF, 15, F0, F1, FF, FF, 48, 8B, C8, 4C, 8B, C3, 33, D2, FF, 15, CA, F1, FF, FF, B8, FF, 00, 00, 00, E9, D3, 01, 00, 00, 8B, 43, 10, 89, 05, 53, 6B, 00, 00, 8B, 43, 04, 89, 05, 56, 6B, 00, 00, 8B, 43, 08, 89, 05, 51...

Code size:
27 KB (27,648 bytes)
