
PUA:Win32/DriverUpdater information


PUA:Win32/DriverUpdater is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/DriverUpdater virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Collects information about installed applications

How to identify PUA:Win32/DriverUpdater?


File Info:

name: 1D653FF4665E321DD3BB.mlw
path: /opt/CAPEv2/storage/binaries/c429da49c3257aef121d8d0bdce144cd311f578f8ac22a06056a87b3bd5d7178
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2009-12-05 22:50:46

Version Info:

CompanyName: diakov.net
FileDescription: Avast Driver Updater 2.5.6
FileVersion: 2.5.6.0
Translation: 0x0419 0x04e3

PUA:Win32/DriverUpdater also known as:

Cylance: Unsafe
Sangfor: CoinMiner.Win32.Agent.mt
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win32:Adware-gen [Adw]
Kaspersky: not-a-virus:UDS:AdWare.NSIS.Agent.kq
DrWeb: Program.Unwanted.4851
Zillya: Adware.Agent.Win32.149589
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Sophos: Generic PUA HI (PUA)
Antiy-AVL: Trojan/Generic.ASMalwS.2D04C32
ViRobot: Adware.Agent.3319287
Microsoft: PUA:Win32/DriverUpdater
McAfee: Artemis!1D653FF4665E
VBA32: Adware.Agent
Malwarebytes: Malware.AI.4288351331
TrendMicro-HouseCall: TROJ_GEN.R002H07GT21
eGambit: Unsafe.AI_Score_71%
Fortinet: Riskware/UwS_SlimDrivers
AVG: Win32:Adware-gen [Adw]

How to remove PUA:Win32/DriverUpdater?

PUA:Win32/DriverUpdater removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
