drvhandler.exe

Drivers Handler

The executable drvhandler.exe has been detected as malware by 29 anti-virus scanners.
Product:
Drivers Handler

Version:
1.0.0.0

MD5:
551ff11ff8e312ec4a381a47d9a2a6f5

SHA-1:
a62d046e311a0a50b8ec6933ecb7321304f62fda

SHA-256:
2f326ead6e83eed74d5f5cbd592d1c7e57c9b921c004c222186af9df6a5538f1

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/19/2024 2:49:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.101843 | 375 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2015.05.15 |
| Avira AntiVirus | TR/ATRAPS.Gen | 8.3.1.6 |
| avast! | Win32:Malware-gen | 2014.9-160125 |
| AVG | MSIL4 | 2017.0.2853 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.16125 |
| Bitdefender | Gen:Variant.Zusy.101843 | 1.0.20.125 |
| Clam AntiVirus | Win.Trojan.Agent-795397 | 0.98/21511 |
| Dr.Web | Trojan.DownLoader11.38015 | 9.0.1.025 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.101843 | 8.16.01.25.02 |
| ESET NOD32 | MSIL/Agent.PJE (variant) | 10.11626 |
| Fortinet FortiGate | MSIL/Agent.PJE!tr | 1/25/2016 |
| F-Secure | Gen:Variant.Zusy.101843 | 11.2016-25-01_2 |
| G Data | Gen:Variant.Zusy.101843 | 16.1.25 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Dapato | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15910 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.762 |
| Malwarebytes | Backdoor.Bot | v2016.01.25.02 |
| McAfee | Bot-FKS!551FF11FF8E3 | 5600.6509 |
| MicroWorld eScan | Gen:Variant.Zusy.101843 | 17.0.0.75 |
| NANO AntiVirus | Trojan.Win32.ATRAPS.dkkqom | 0.30.24.1357 |
| Norman | BlueBotnet.PDB | 11.20160125 |
| Panda Antivirus | Trj/Zbot.M | 16.01.25.02 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18A1DF23!413261603 | 23.00.65.16123 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zusy | 9364 |
| Vba32 AntiVirus | Trojan.MSIL.gen.b.7 | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40224 |

File size:
38.7 KB (39,678 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
file.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\microsoft\windows\start menu\programs\startup\drvhandler.exe

File PE Metadata
Compilation timestamp:
8/29/2014 1:08:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:P9r8vm0w2Fsd1eWBJVvz0X+8hgzuhjZd6XhkhGhDY6r1dQrLhx56ZVz9sYcpAvEl:Pavxw2uJ6Xh6CBnwiAhY6r1dQrL/56Zi

Entry address:
0x998E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.4455

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
30.5 KB (31,232 bytes)

All Users Start Menu Item
Name:
drvhandler.exe

