sdi64-drv.exe

Snappy Driver Installer

www.SamLab.ws

The application sdi64-drv.exe by www.SamLab.ws has been flagged as a potentially unwanted program by 1 of 68 scanners; that single detection is Reason Core Security's own heuristic (PUP (M), see the scanner table below), and no third-party engine detects the file. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address bfbd14da.virtua.com.br on port 15462, one of the twenty TCP peers listed below.
Publisher:
www.SamLab.ws  (signed; the certificate is self-signed, see Digital Signature below, so Windows will not treat the signature as trusted unless that exact certificate has been installed)

Product:
Snappy Driver Installer

Version:
0.3 R526

MD5:
1afe43aec6cde4b2441a43f07440d0ee

SHA-1:
9b5b99d9e541758159008ecfc367e9a123a3743a

SHA-256:
2feeadd8de202e0f17e1a01f0c99249cb6d79fd23c021e4ece8d30cf52117a62

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the third-party anti-malware engines in our current pool detects this file; the single detection above is our own heuristic (Reason Heuristics, PUP (M)), on the basis of which we classify the file as unwanted.

Analysis date:
4/28/2024 2:41:44 AM UTC

Scan engine          Detection    Engine version
Reason Heuristics    PUP (M)      16.12.11.11

File size:
1.5 MB (1,576,664 bytes)

Product version:
R526

Copyright:
GNU GPL v3

Original file name:
SDI_R526.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\драивера\sdi64-drv.exe  (the folder name is Russian for "drivers")

Digital Signature
Signed by:

Authority:
www.SamLab.ws

Valid from:
3/8/2013 8:04:50 AM

Valid to:
1/1/2040 8:59:59 AM

Subject:
CN=www.SamLab.ws

Issuer:
CN=www.SamLab.ws  (identical to the Subject: the certificate is self-signed, chains to no public CA, and carries a validity period of almost 27 years)

Serial number:
0F1AFC86B8806ABD46FF618899B7F7D9

File PE Metadata
Compilation timestamp:
12/8/2016 5:47:27 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.25  (GNU ld; consistent with a MinGW/GCC build rather than an MSVC one)

Entry address:
0x4FD3E0

Entry point:
53, 56, 57, 55, 48, 8D, 35, 3A, 5C, E8, FF, 48, 8D, BE, DB, DF, C7, FF, 48, 8D, 87, DC, BF, 4B, 00, FF, 30, C7, 00, 1C, 81, 65, B7, 50, 57, B8, 78, B1, 4F, 00, 50, 48, 89, E1, 48, 89, FA, 48, 89, F7, BE, AB, A3, 17, 00, 55, 48, 89, E5, 44, 8B, 09, 49, 89, D0, 48, 89, F2, 48, 8D, 77, 02, 56, 8A, 07, FF, CA, 88, C1, 24, 07, C0, E9, 03, 48, C7, C3, 00, FD, FF, FF, 48, D3, E3, 88, C1, 48, 8D, 9C, 5C, 88, F1, FF, FF, 48, 83, E3, C0, 6A, 00, 48, 39, DC, 75, F9, 53, 48, 8D, 7B, 08, 8A, 4E, FF, FF, CA, 88, 47, 02...

Code size:
1.5 MB (1,556,480 bytes)

The executing file has been seen to make the following network communications in live environments. All of them are outbound TCP connections on varied high ports, and most of the hosts carry the reverse-DNS names of ISP-assigned consumer addresses (broadband-, pppoe-, cable-, dip0, or names that merely encode the address) rather than of a fixed server. Snappy Driver Installer downloads its driver packs over BitTorrent, and peer-to-peer traffic produces exactly this kind of list, so the connections alone do not establish command-and-control; confirm what protocol the traffic carries before treating them as indicators.

TCP:
Connects to broadband-37.204-168-1.moscow.rt.ru  (37.204.168.1:16881)

TCP:
Connects to v-142755-unlim.vpn.mgn.ru  (188.68.213.16:33376)

TCP:
Connects to USER-Åè  (195.189.70.212:33151)

TCP:
Connects to pppoe-77-234-30-135.kosnet.ru  (77.234.30.135:41481)

TCP:
Connects to p5DEB5517.dip0.t-ipconnect.de  (93.235.85.23:61404)

TCP:
Connects to net176113016037.pskovline.ru  (176.113.16.37:51413)

TCP:
Connects to mail.prokservis.ru  (195.206.45.10:5000)

TCP:
Connects to host-156.199.187.235-static.tedata.net  (156.199.235.187:55512)

TCP:
Connects to clients.gtk.su  (91.151.203.30:46912)

TCP:
Connects to cable-251-108.cgates.lt  (79.133.254.108:17121)

TCP:
Connects to broadband-94-241-2-196.atc.tvcom.ru  (94.241.2.196:61658)

TCP:
Connects to broadband-188-32-174-102.moscow.rt.ru  (188.32.174.102:13279)

TCP:
Connects to bfbd14da.virtua.com.br  (191.189.20.218:15462)

TCP:
Connects to 88x87x92x61.static-customer.volgograd.ertelecom.ru  (88.87.92.61:62714)

TCP:
Connects to 31-220-160-169.rdtc.ru  (31.220.160.169:50336)

TCP:
Connects to 220-111-207-82.ip.ukrtel.net  (82.207.111.220:35816)

TCP:
Connects to 20.182.ptr.deozal.ru  (95.129.182.20:8999)

TCP:
Connects to 187-111-6-50.gotelecom.com.br  (187.111.6.50:24417)

TCP:
Connects to 178-16-157-254.obit.ru  (178.16.157.254:33151)

TCP:
Connects to 176-102-28-17-ptr.inmart.net.ua  (176.102.28.17:8999)
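The following Python script is an added example, not part of this report and not code from Snappy Driver Installer or www.SamLab.ws. It parses a constructed excerpt of the report above, kept in the page's own "Label:" / value layout, and runs the checks an analyst would want before accepting the "signed and verified" label (Digital Signature section) or reading the peer list (network communications above) as evidence of a command-and-control server: it detects the self-signed chain (Subject equal to Issuer) and the unusually long validity period, extracts the 1 / 68 detection ratio, and classifies each peer by whether its reverse-DNS name is a generic per-address ISP name, a residential-pool name, a bare Windows host name, or a deliberately named server. The residential-token list, the five-year validity threshold and the excerpt itself are assumptions made for the example.

```python
"""Triage of a scanner report of the kind shown above (added example)."""
import ipaddress
import re
from datetime import datetime

# Constructed excerpt of the report above, in the page's own Label/value layout.
REPORT = """\
SHA-256:
2feeadd8de202e0f17e1a01f0c99249cb6d79fd23c021e4ece8d30cf52117a62
Scanner detections:
1 / 68
Subject:
CN=www.SamLab.ws
Issuer:
CN=www.SamLab.ws
Valid from:
3/8/2013 8:04:50 AM
Valid to:
1/1/2040 8:59:59 AM
TCP:
Connects to broadband-37.204-168-1.moscow.rt.ru  (37.204.168.1:16881)
TCP:
Connects to USER-Åè  (195.189.70.212:33151)
TCP:
Connects to net176113016037.pskovline.ru  (176.113.16.37:51413)
TCP:
Connects to mail.prokservis.ru  (195.206.45.10:5000)
TCP:
Connects to bfbd14da.virtua.com.br  (191.189.20.218:15462)
TCP:
Connects to 220-111-207-82.ip.ukrtel.net  (82.207.111.220:35816)
"""

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 -]*):\n(.+)$", re.MULTILINE)
CONN_RE = re.compile(r"^Connects to (\S+)\s+\((\d+(?:\.\d+){3}):(\d+)\)", re.MULTILINE)
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"
# Reverse-DNS tokens ISPs commonly give consumer/dynamic pools (assumed list).
RESIDENTIAL_TOKENS = ("broadband", "pppoe", "cable", "dip", "ptr", "dyn", "pool", "customer", "adsl")


def parse_fields(text):
    """Map each label to the value on the following line (later duplicates win)."""
    return {label: value.strip() for label, value in FIELD_RE.findall(text)}


def parse_connections(text):
    """Return [(hostname, ip, port)] from the 'Connects to' lines."""
    return [(host, ip, int(port)) for host, ip, port in CONN_RE.findall(text)]


def signature_findings(fields, max_years=5.0):
    """Subject == Issuer means the chain ends in the signer itself: the signature proves
    the file is unmodified since signing, not who signed it, unless the verifier already
    trusts that exact certificate. max_years is an assumed threshold."""
    valid_from = datetime.strptime(fields["Valid from"], DATE_FMT)
    valid_to = datetime.strptime(fields["Valid to"], DATE_FMT)
    years = (valid_to - valid_from).days / 365.25
    return {"self_signed": fields["Subject"] == fields["Issuer"],
            "validity_years": round(years, 1), "long_validity": years > max_years}


def host_embeds_ip(host, ip):
    """True if the reverse name encodes the address: decimal octets in forward or
    reverse order (zero-padded or not), or the whole address as eight hex digits."""
    octets, digits = ip.split("."), re.sub(r"\D", "", host)
    for order in (octets, octets[::-1]):
        if "".join(order) in digits or "".join(o.zfill(3) for o in order) in digits:
            return True
    return f"{int(ipaddress.ip_address(ip)):08x}" in host.lower()


def classify_peer(host, ip):
    """Label a peer by what its reverse name reveals about the endpoint."""
    if "." not in host:
        return "netbios-name"       # a Windows host name, not a DNS PTR record
    if host_embeds_ip(host, ip):
        return "ip-encoded-ptr"     # generic per-address name, typical of ISP pools
    if any(tok in host.lower() for tok in RESIDENTIAL_TOKENS):
        return "residential-token"
    return "named-host"             # a deliberately named server, worth a closer look


def peer_summary(connections):
    """Aggregate the peer list into the facts that matter for triage."""
    labels = [classify_peer(h, ip) for h, ip, _ in connections]
    return {"peers": len(connections),
            "consumer_like": sum(l != "named-host" for l in labels),
            "named_hosts": [c[0] for c, l in zip(connections, labels) if l == "named-host"],
            "distinct_ports": len({p for _, _, p in connections})}


def triage(text=REPORT):
    """Run every check over one report and return the findings as a dict."""
    fields = parse_fields(text)
    return {"sha256": fields["SHA-256"],
            "detections": tuple(int(x) for x in fields["Scanner detections"].split("/")),
            "signature": signature_findings(fields),
            "network": peer_summary(parse_connections(text))}
```

Run `triage()` against the excerpt and the findings read: one detection out of 68, a self-signed certificate valid for about 26.8 years, and five of six peers that are consumer endpoints identified only by address-derived or pool-style names, with mail.prokservis.ru the one named host worth following up. Feed the full list from the report into the same function to triage all twenty peers; a handful of named hosts among many address-encoded ones is the shape peer-to-peer traffic produces, whereas a C2 channel would normally show one or a few fixed endpoints.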

Remove sdi64-drv.exe - Powered by Reason Core Security