Should I remove “Downloader.Win32.DriverHub.cd”?

The Downloader.Win32.DriverHub.cd is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Downloader.Win32.DriverHub.cd virus can do?

Sample contains Overlay data
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Downloader.Win32.DriverHub.cd?


File Info:
name: 3CEAA16829F41E067714.mlw
path: /opt/CAPEv2/storage/binaries/e0b15130b61397fd8ab9a7aa50bdbdb4502b6735e8b755758b993404c89916c9
crc32: 77746A4D
md5: 3ceaa16829f41e0677142a53fd1d25b3
sha1: e7acd49303812175ccdbaecf05fa62662384fafb
sha256: e0b15130b61397fd8ab9a7aa50bdbdb4502b6735e8b755758b993404c89916c9
sha512: 46d9be20f2e2917b51d45ea5cf9ec7f67c5a9c6bd2bb30434be89ea591ce7da9ac43df128b4cb3092c47a55b24a2529ed2baf565f20c3cdf1bcee02b1e6ec34a
ssdeep: 98304:PZkRcZ0wIkp+ebyTMxx326zhrXdO7oSNGfdMsPVN9KeOfb8e5laNi/TFfRPCuu3:PwTsB261cdsAvT8e5ai/TF99u3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T108768E107642C526DBB052F1CD299BA687787D2C5FF641DB72842EFE64303D2393AB26
sha3_384: 61980ca7bc43842c7f0d95bb06350351becacec650f3897f44fac27a3d328e5414bc5622aa2c30bba410ccd57fba45a9
ep_bytes: e873120000e97afeffffe9ed0f0000e8
timestamp: 2020-12-04 12:32:30

Version Info:
Comments: VideoFromDownloader
CompanyName: Rostpay ltd.
FileDescription: VideoFromDownloader
FileVersion: 0.11.8.2942
InternalName: VideoFrom
LegalCopyright: (C)2020 Rostpay ltd.
OriginalFilename: 
ProductName: VideoFromDownloader
ProductVersion: 0.11.8.2942
Translation: 0x0409 0x04b0

Downloader.Win32.DriverHub.cd also known as:

Bkav	W32.Common.F93D3137
Lionic	Riskware.Win32.Rostpay.1!c
Skyhigh	BehavesLike.Win32.BadFile.wh
McAfee	Artemis!3CEAA16829F4
Malwarebytes	PUP.Optional.Rostpay
Sangfor	Trojan.Win32.Rostpay.V12e
K7AntiVirus	Adware ( 005737731 )
K7GW	Adware ( 005737731 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Rostpay.G potentially unwanted
Kaspersky	not-a-virus:Downloader.Win32.DriverHub.cd
Rising	Trojan.Generic@AI.81 (RDML:HkD8Yd9hhtiOv/2aO42S9Q)
Trapmine	suspicious.low.ml.score
Sophos	Generic Reputation PUA (PUA)
Microsoft	Trojan:Win32/Wacatac.A!ml
ZoneAlarm	not-a-virus:Downloader.Win32.DriverHub.cd
VBA32	BScope.Downloader.Softrary
Cylance	unsafe
Ikarus	PUA.Yandex
Fortinet	Riskware/Rostpay
DeepInstinct	MALICIOUS

How to remove Downloader.Win32.DriverHub.cd?

Downloader.Win32.DriverHub.cd removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X