home

installdrv64.exe

The executable installdrv64.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. This file is typically installed with the program Phone Suite by Donin Chang. The file has been seen being downloaded from doc-04-5s-docs.googleusercontent.com and multiple other hosts.
MD5:
b9a724abbba96c6b4c0d68f781f00257

SHA-1:
ff95c918708cf51d9110f3d9981d466903c1a222

SHA-256:
73c2f9b8e652699c583e469059c41f05c95206a01d215896c49355f78d0d7fb4

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/19/2024 1:56:47 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Slugin.A
7.11.217.198

avast!
Win32:Patched-HO [Trj]
2014.9-150522

Dr.Web
Trojan.MulDrop3.48024
9.0.1.0142

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.2002

Microsoft Security Essentials
Virus:Win32/Slugin.A!dll
1.1.11400.0

Norman
Troj_Generic.WUWEV
11.20150522

Reason Heuristics
Threat.Win.Reputation.IMP
15.5.22.10

File size:
32.5 KB (33,280 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\driver\installdrv64.exe

File PE Metadata
Compilation timestamp:
4/13/2007 3:03:32 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
384:5Y0LC+UKkohvpoL56qpny00mKgW+zOX7aordlkEIRfzK1my0kFiKlL/oRu:CvTKKL56Sy03LfzOrXdlCg0aiALw4

Entry address:
0x1DE0

Entry point:
48, 83, EC, 38, 48, 89, 5C, 24, 50, 48, 89, 7C, 24, 58, FF, 15, 2C, F2, FF, FF, 48, 8B, C8, 33, D2, 41, B8, 94, 00, 00, 00, FF, 15, 13, F2, FF, FF, 48, 8B, D8, 48, 85, C0, 75, 0A, B8, FF, 00, 00, 00, E9, 04, 02, 00, 00, C7, 00, 94, 00, 00, 00, 48, 8B, C8, FF, 15, EA, F1, FF, FF, 85, C0, 75, 1E, FF, 15, F0, F1, FF, FF, 48, 8B, C8, 4C, 8B, C3, 33, D2, FF, 15, CA, F1, FF, FF, B8, FF, 00, 00, 00, E9, D3, 01, 00, 00, 8B, 43, 10, 89, 05, 53, 6B, 00, 00, 8B, 43, 04, 89, 05, 56, 6B, 00, 00, 8B, 43, 08, 89, 05, 51...
 
[+]

Code size:
27 KB (27,648 bytes)

The file installdrv64.exe has been discovered within the following programs.

PC Sync Manager  by Mobistel
www.mobistel.com
About 8% of users remove it
Phone Suite  by Donin Chang
www.arimacomm.com.tw
About 1% of users remove it
z3x shell 4.4.1  by z3x-team
z3x-team.com
About 7% of users remove it
 
Powered by Should I Remove It?

The file installdrv64.exe has been seen being distributed by the following 12 URLs.

https://doc-04-5s-docs.googleusercontent.com/docs/securesc/4cog7m9nru7a5m9i9gerdam5lgfu03hl/l13ca8shp83r7r12hebs11utke9iu87s/1472781600000/05019473353936302415/.../0B_NPobQbXPpnLTdja1Qtbl9tVkE?e=download

https://mega.nz/temporary/.../CNx2SAaB

https://mega.nz/persistent/.../PM5jBZLL

https://docviewer.yandex.ru/source?id=5ueq-75u5r9qr1s8t8wtdtemtmxh1webyr6pcxx72b4dtjdihxppqymigcny6el8vm3tbzeqq6i3dyx3e99vrscjn6yxqa0oaev9geir&archive-path=//installdrv64.exe&ts=152a9023f7e&token=znL6zPdUdZL9VaXxy7S3jQ==&name=MT6577 USB VCOM drivers.7z

https://mega.nz/temporary/.../UZ4SEBDT

https://docviewer.yandex.com/source?id=b67k2-51ph12brqe476pfhjyd4dnqibqm87avg6b3n92w1l7dfwmqcq2nf3cvcc9d4z0wj19kyqxe7sxc5wy3gudv8f0lda21tjyi8icl&archive-path=//Drivers_P780/.../installdrv64.exe&ts=1505b3c7bb3&token=BZj50XtlUD4j5CznpWZhbg==&name=Drivers_P780.zip

temp:installdrv64.exe

https://mega.nz/temporary/.../FkUSEAwS

https://docviewer.yandex.ua/source?id=8u8l-4teeuwbhxnc1r7azm5allt8aryy55e2s6y0aoekxapbyg912pk6a8e48k9qtb8cgmny957o3iy2cno1zfc4m60lvbd6v3djobpx&archive-path=//.../installdrv64.exe&ts=14f371fa25d&token=zNkG4IcmtETa95DyZh7DrA==&name=MT6589.zip

https://mega.nz/temporary/.../oRsXBKSD

https://mega.nz/temporary/.../PM5jBZLL

https://doc-08-4c-docsviewer.googleusercontent.com/viewer/securedownload/vnklm187cij9vdnuvviqkok7vb7ndsbb/rkeo5ip8lb4agfsh7lbv152im485jqhj/1399304700000/ZXhwbG9yZXI=/.../MEIxb3phTEVNNmhBQ1gzTlBXVFJLY0U1a1JqUQ==?a=dl&filename=USB VCOM Driver MT6589.zip&sec=AHSqida9Dpt9JjjtMUpZTpgRm-L_XYrcsACf7Axl6_WI9oEtn8Hoon1GSQROPMqy1TsDOI8lyglP&rel=zip;z7;installdrv64.exe

Remove installdrv64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.