Malware analysis driver-hub-install.exe Malicious activity

Add for printing

File name:	driver-hub-install.exe
Full analysis:	https://app.any.run/tasks/5a5cc2b1-d046-40c9-b65c-a65585885d45
Verdict:	Malicious activity
Analysis date:	April 10, 2026, 16:46:17
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	auto generic
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:	BBE50F050C7FB4A833EF8EC48B59E5CD
SHA1:	D7CF3CF327A25B2CD507106CFDA1B0EE587905A5
SHA256:	9CD82A50053EE9555D2B2DD68ACD0A52D998BF6299CDD46554EE1A57770CF6FE
SSDEEP:	12288:eushinDcVe6dGXZpM7pQfSe+v8Kk1P3r0yOTS423WBaQ7DY9dz3HSBI:ginIV3dIMKfSe+v8Kk13wZS423NwM9n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2479943
KB2491683
KB2506212
KB2506928
KB2532531
KB2533552
KB2533623
KB2534111
KB2545698
KB2547666
KB2552343
KB2560656
KB2564958
KB2574819
KB2579686
KB2585542
KB2604115
KB2620704
KB2621440
KB2631813
KB2639308
KB2640148
KB2653956
KB2654428
KB2656356
KB2660075
KB2667402
KB2676562
KB2685811
KB2685813
KB2685939
KB2690533
KB2698365
KB2705219
KB2719857
KB2726535
KB2727528
KB2729094
KB2729452
KB2731771
KB2732059
KB2736422
KB2742599
KB2750841
KB2758857
KB2761217
KB2770660
KB2773072
KB2786081
KB2789645
KB2799926
KB2800095
KB2807986
KB2808679
KB2813347
KB2813430
KB2820331
KB2834140
KB2836942
KB2836943
KB2840631
KB2843630
KB2847927
KB2852386
KB2853952
KB2857650
KB2861698
KB2862152
KB2862330
KB2862335
KB2864202
KB2868038
KB2871997
KB2872035
KB2884256
KB2891804
KB2893294
KB2893519
KB2894844
KB2900986
KB2908783
KB2911501
KB2912390
KB2918077
KB2919469
KB2923545
KB2931356
KB2937610
KB2943357
KB2952664
KB2968294
KB2970228
KB2972100
KB2972211
KB2973112
KB2973201
KB2977292
KB2978120
KB2978742
KB2984972
KB2984976
KB2984976 SP1
KB2985461
KB2991963
KB2992611
KB2999226
KB3004375
KB3006121
KB3006137
KB3010788
KB3011780
KB3013531
KB3019978
KB3020370
KB3020388
KB3021674
KB3021917
KB3022777
KB3023215
KB3030377
KB3031432
KB3035126
KB3037574
KB3042058
KB3045685
KB3046017
KB3046269
KB3054476
KB3055642
KB3059317
KB3060716
KB3061518
KB3067903
KB3068708
KB3071756
KB3072305
KB3074543
KB3075226
KB3078667
KB3080149
KB3086255
KB3092601
KB3093513
KB3097989
KB3101722
KB3102429
KB3102810
KB3107998
KB3108371
KB3108664
KB3109103
KB3109560
KB3110329
KB3115858
KB3118401
KB3122648
KB3123479
KB3126587
KB3127220
KB3133977
KB3137061
KB3138378
KB3138612
KB3138910
KB3139398
KB3139914
KB3140245
KB3147071
KB3150220
KB3150513
KB3155178
KB3156016
KB3159398
KB3161102
KB3161949
KB3170735
KB3172605
KB3179573
KB3184143
KB3185319
KB4019990
KB4040980
KB4474419
KB4490628
KB4524752
KB4532945
KB4536952
KB4567409
KB958488
KB976902
KB982018
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
Package 21 for KB2984976
Package 38 for KB2984976
Package 45 for KB2984976
Package 59 for KB2984976
Package 7 for KB2984976
Package 76 for KB2984976
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
RDP BlueIP Package TopLevel
RDP WinIP Package TopLevel
RollupFix
UltimateEdition
WUClient SelfUpdate ActiveX
WUClient SelfUpdate Aux TopLevel
WUClient SelfUpdate Core TopLevel
WinMan WinIP Package TopLevel

Add for printing

MALICIOUS
- GENERIC has been found (auto)
  - driver-hub-install.exe (PID: 2012)
SUSPICIOUS
- Reads the Internet Settings
  - driver-hub-install.exe (PID: 2012)
  - DriverHub.exe (PID: 528)
  - DriverHub.exe (PID: 3676)
- Reads settings of System Certificates
  - driver-hub-install.exe (PID: 2012)
- The process drops C-runtime libraries
  - driver-hub-install.exe (PID: 2012)
- Executable content was dropped or overwritten
  - driver-hub-install.exe (PID: 2012)
- Searches for installed software
  - driver-hub-install.exe (PID: 2012)
INFO
- Reads the computer name
  - driver-hub-install.exe (PID: 2012)
  - DriverHub.exe (PID: 3676)
  - DriverHub.exe (PID: 528)
- Reads the machine GUID from the registry
  - driver-hub-install.exe (PID: 2012)
  - DriverHub.exe (PID: 528)
  - DriverHub.exe (PID: 3676)
- Checks supported languages
  - driver-hub-install.exe (PID: 2012)
  - DriverHub.exe (PID: 3676)
  - DriverHub.exe (PID: 528)
- Reads Environment values
  - driver-hub-install.exe (PID: 2012)
- Disables trace logs
  - driver-hub-install.exe (PID: 2012)
- The sample compiled with english language support
  - driver-hub-install.exe (PID: 2012)
- Creates files or folders in the user directory
  - driver-hub-install.exe (PID: 2012)
- Creates a software uninstall entry
  - driver-hub-install.exe (PID: 2012)
- Create files in a temporary directory
  - driver-hub-install.exe (PID: 2012)
- Reads security settings of Internet Explorer
  - driver-hub-install.exe (PID: 2012)
- Manual execution by a user
  - DriverHub.exe (PID: 528)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (64.6)
.dll	\|	Win32 Dynamic Link Library (generic) (15.4)
.exe	\|	Win32 Executable (generic) (10.5)
.exe	\|	Generic Win/DOS Executable (4.6)
.exe	\|	DOS Executable Generic (4.6)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2026:03:24 11:45:06+00:00
ImageFileCharacteristics:	Executable, Large address aware
PEType:	PE32
LinkerVersion:	48
CodeSize:	730112
InitializedDataSize:	85504
UninitializedDataSize:	-
EntryPoint:	0xb435e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	4.5.3.0
ProductVersionNumber:	4.5.3.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	-
CompanyName:	ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ
FileDescription:	DriverHub Installer
FileVersion:	4.5.3.0
InternalName:	DriverHubInstaller.exe
LegalCopyright:	© ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ. All rights reserved.
LegalTrademarks:	-
OriginalFileName:	DriverHubInstaller.exe
ProductName:	DriverHub
ProductVersion:	4.5.3.0
AssemblyVersion:	4.5.3.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

528

"C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHub.exe"

C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHub.exe

explorer.exe

User:

admin

Company:

ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ

Integrity Level:

MEDIUM

Description:

DriverHub

Exit code:

3762504530

Version:

2.0.2.0

Modules

Images
c:\users\admin\appdata\local\programs\driverhub\driverhub.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2012

"C:\Users\admin\AppData\Local\Temp\driver-hub-install.exe"

C:\Users\admin\AppData\Local\Temp\driver-hub-install.exe

explorer.exe

User:

admin

Company:

ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ

Integrity Level:

MEDIUM

Description:

DriverHub Installer

Exit code:

Version:

4.5.3.0

Modules

Images
c:\users\admin\appdata\local\temp\driver-hub-install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

3676

"C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHub.exe"

C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHub.exe

driver-hub-install.exe

User:

admin

Company:

ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ

Integrity Level:

MEDIUM

Description:

DriverHub

Exit code:

3489660927

Version:

2.0.2.0

Modules

Images
c:\users\admin\appdata\local\programs\driverhub\driverhub.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

Add for printing

Total events

5 852

Read events

5 799

Write events

Delete events

Modification events


(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation:	write	Name:	Name
Value: driver-hub-install.exe
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	EnableConsoleTracing
Value: 0
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	FileTracingMask
Value:
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	ConsoleTracingMask
Value:
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	MaxFileSize
Value: 1048576
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASAPI32
Operation:	write	Name:	FileDirectory
Value: %windir%\tracing
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASMANCS
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASMANCS
Operation:	write	Name:	EnableConsoleTracing
Value: 0
(PID) Process:	(2012) driver-hub-install.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\driver-hub-install_RASMANCS
Operation:	write	Name:	FileTracingMask
Value:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\Credits.txt		text
		MD5:6A43259C07E4578B58A9129B52B2F15F	SHA256:F7ECE4C1A73E8AD280C42CF9CE77EA7FDEDF2F585A59B2246F50BAE8B171DE0A
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHubUninstaller.exe		executable
		MD5:04D1EAF7D303B838836CB79FE2C0B65F	SHA256:79295CA6859EFC1B5CBC822A93067F61A3B8364FCB0DADB31C04102EC4E9AB07
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\DILib.dll		executable
		MD5:1B46DDDE584CB25AF4A893927FD0DBC9	SHA256:38FE70E5775D5422951A4187958CDE07CCA28825C662078352392AD6A25F031F
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\DriverInstaller32.exe		executable
		MD5:914DED5E145527F6FA37EE8D38B7DED8	SHA256:32E35BF1AE587B0D0100D339CC2B9E45D3A4DDEB0D82099291F21BE5FEA2FE4B
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\DriverHub.exe		executable
		MD5:B306741D1E8855C538B84C227F2E10A7	SHA256:E7F65BF3A5280D12D80FE0C33D6F5A4DA6C1DB4F5DA4393488D6232B4BC06873
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\Images\DriverHubLogo.png		image
		MD5:451B153070269850DA133D4E493A1BD6	SHA256:91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\vcruntime140.dll		executable
		MD5:C33386A6E67BE415A24D9C431FFD42AC	SHA256:EB5B47CCEDDB4A45E059C1E1FCD2EFB016CB2BD9FE1FC0FD3F4C3C4CAB04153A
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\PDInterface.dll		executable
		MD5:A494C22140B8F20669EB8CCAE69492DF	SHA256:3B6410E49D39F0A8BB87B9DE50775ADF61704DEFAB8505AC47AED87A8807F408
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\x64\vcruntime140.dll		executable
		MD5:E9B690FBE5C4B96871214379659DD928	SHA256:A06C9EA4F815DAC75D2C99684D433FBFC782010FAE887837A03F085A29A217E8
2012	driver-hub-install.exe	C:\Users\admin\AppData\Local\Programs\DriverHub\x64\DriverInstaller.exe		executable
		MD5:37DAD55ED6487D7F5A5383441BC3A732	SHA256:A10B380501CA6DC55ECC20E0A6DA5A85EEDF1D8508442941EB5184D5C4E6E47F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2012	driver-hub-install.exe	HEAD	301	188.130.153.32:443	https://drvhub.net/products/free/download	RU	—	—	unknown
2012	driver-hub-install.exe	HEAD	200	188.130.153.32:443	https://www.drvhub.net/products/free/download	RU	—	—	unknown
2012	driver-hub-install.exe	GET	301	188.130.153.32:443	https://drvhub.net/products/free/download	RU	html	426 b	unknown
2012	driver-hub-install.exe	GET	301	188.130.153.32:443	https://drvhub.net/products/free/download	RU	html	426 b	unknown
2012	driver-hub-install.exe	GET	206	188.130.153.32:443	https://<NULL>/products/free/download	RU	binary	193 Kb	unknown
2012	driver-hub-install.exe	GET	206	188.130.153.32:443	https://<NULL>/products/free/download	RU	binary	193 Kb	unknown
2012	driver-hub-install.exe	GET	206	188.130.153.32:443	https://<NULL>/products/free/download	RU	binary	193 Kb	unknown
2012	driver-hub-install.exe	GET	301	188.130.153.32:443	https://drvhub.net/products/free/download	RU	html	426 b	unknown
2012	driver-hub-install.exe	GET	206	188.130.153.32:443	https://<NULL>/products/free/download	RU	binary	193 Kb	unknown
2012	driver-hub-install.exe	GET	301	188.130.153.32:443	https://drvhub.net/products/free/download	RU	html	426 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	Not routed	—	whitelisted
—	—	224.0.0.252:5355	—	—	—	whitelisted
4	System	192.168.100.255:138	—	Not routed	—	whitelisted
1092	svchost.exe	224.0.0.252:5355	—	—	—	whitelisted
2012	driver-hub-install.exe	188.130.153.32:443	api.az-partners.net	ROSTPAY-AS	RU	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.251.20.113 142.251.20.139 142.251.20.100 142.251.20.101 142.251.20.102 142.251.20.138	whitelisted
api.az-partners.net	188.130.153.32	unknown
drvhub.net	188.130.153.32 188.130.153.33	whitelisted
www.drvhub.net	188.130.153.32 188.130.153.33	unknown

Threats

No threats detected

Add for printing

No debug info

General Info

driver-hub-install.exe

BBE50F050C7FB4A833EF8EC48B59E5CD

D7CF3CF327A25B2CD507106CFDA1B0EE587905A5

9CD82A50053EE9555D2B2DD68ACD0A52D998BF6299CDD46554EE1A57770CF6FE

12288:eushinDcVe6dGXZpM7pQfSe+v8Kk1P3r0yOTS423WBaQ7DY9dz3HSBI:ginIV3dIMKfSe+v8Kk13wZS423NwM9n

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

GENERIC has been found (auto)

SUSPICIOUS

Reads the Internet Settings

Reads settings of System Certificates

The process drops C-runtime libraries

Executable content was dropped or overwritten

Searches for installed software

INFO

Reads the computer name

Reads the machine GUID from the registry

Checks supported languages

Reads Environment values

Disables trace logs

The sample compiled with english language support

Creates files or folders in the user directory

Creates a software uninstall entry

Create files in a temporary directory

Reads security settings of Internet Explorer

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings