installdrv64.exe

The executable installdrv64.exe has been detected as malware by 7 anti-virus scanners. This is a setup program used to install the application. The file is typically installed by a number of programs, including Phone Suite by Donin Chang and PC Sync Manager by Mobistel. It has been seen being downloaded from doc-04-5s-docs.googleusercontent.com and multiple other hosts.
MD5:
b9a724abbba96c6b4c0d68f781f00257

SHA-1:
ff95c918708cf51d9110f3d9981d466903c1a222

SHA-256:
73c2f9b8e652699c583e469059c41f05c95206a01d215896c49355f78d0d7fb4

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
1/4/2026 3:45:03 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Slugin.A | 7.11.217.198
avast! | Win32:Patched-HO [Trj] | 2014.9-150522
Dr.Web | Trojan.MulDrop3.48024 | 9.0.1.0142
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2002
Microsoft Security Essentials | Virus:Win32/Slugin.A!dll | 1.1.11400.0
Norman | Troj_Generic.WUWEV | 11.20150522
Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.22.10

File size:
32.5 KB (33,280 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\driver\installdrv64.exe

File PE Metadata
Compilation timestamp:
4/13/2007 3:03:32 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
384:5Y0LC+UKkohvpoL56qpny00mKgW+zOX7aordlkEIRfzK1my0kFiKlL/oRu:CvTKKL56Sy03LfzOrXdlCg0aiALw4

Entry address:
0x1DE0

Entry point:
48, 83, EC, 38, 48, 89, 5C, 24, 50, 48, 89, 7C, 24, 58, FF, 15, 2C, F2, FF, FF, 48, 8B, C8, 33, D2, 41, B8, 94, 00, 00, 00, FF, 15, 13, F2, FF, FF, 48, 8B, D8, 48, 85, C0, 75, 0A, B8, FF, 00, 00, 00, E9, 04, 02, 00, 00, C7, 00, 94, 00, 00, 00, 48, 8B, C8, FF, 15, EA, F1, FF, FF, 85, C0, 75, 1E, FF, 15, F0, F1, FF, FF, 48, 8B, C8, 4C, 8B, C3, 33, D2, FF, 15, CA, F1, FF, FF, B8, FF, 00, 00, 00, E9, D3, 01, 00, 00, 8B, 43, 10, 89, 05, 53, 6B, 00, 00, 8B, 43, 04, 89, 05, 56, 6B, 00, 00, 8B, 43, 08, 89, 05, 51...
 

Code size:
27 KB (27,648 bytes)

The file installdrv64.exe has been discovered within the following programs.

PC Sync Manager  by Mobistel
www.mobistel.com
About 8% of users remove it
Phone Suite  by Donin Chang
www.arimacomm.com.tw
About 1% of users remove it
z3x shell 4.4.1  by z3x-team
z3x-team.com
About 7% of users remove it
 

The file installdrv64.exe has been seen being distributed by the following 12 URLs.

https://doc-04-5s-docs.googleusercontent.com/docs/securesc/4cog7m9nru7a5m9i9gerdam5lgfu03hl/l13ca8shp83r7r12hebs11utke9iu87s/1472781600000/05019473353936302415/.../0B_NPobQbXPpnLTdja1Qtbl9tVkE?e=download

https://mega.nz/temporary/.../CNx2SAaB

https://mega.nz/persistent/.../PM5jBZLL

temp:installdrv64.exe
