File ASUS-DriverHub-Installer.exe

Size 4.9MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 076dfa6a182ee2dcff5b9d7ea2c6e307
SHA1 376950ac7211d447858ae7c29aae84493073aebc
SHA256 17714dc5c3c82f8d69cd4973716dec84ead5b51393e84e46326ae359cbb26fbf
SHA512 c02ddb9197b377e183d8ec1bb938dbce8a61386b0f9ed43c256446bd1cb3988fd8c36f0b87661157063540bf3b6023fac8f693fedc8f1bc122d75648f520998f
CRC32 2C91D1F6
ssdeep None
PDB Path D:\Jenkins\workspace\sw\CopycatAgent\installer\x64\Release\ASUS-DriverHub-Installer.pdb
Yara
  • Check_OutputDebugStringA_iat - (no description)
  • anti_dbg - Checks if being debugged
  • win_mutex - Create or check mutex
  • win_files_operation - Affect private profile

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.3 out of 10.

Please note: The scoring system is still in development and should be considered an alpha feature.


Autosubmit

7469966

7469967


Information on Execution

Analysis
Category FILE
Started March 1, 2026, 4:49 p.m.
Completed March 1, 2026, 4:50 p.m.
Duration 69 seconds
Routing internet

Analyzer Log

2026-03-01 15:49:22,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp4w2pkt
2026-03-01 15:49:22,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\jscntLhTYUbbizVUGMol
2026-03-01 15:49:22,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\vhOzQsSITeMyqoxZJwKaerZZjH
2026-03-01 15:49:22,296 [analyzer] DEBUG: Started auxiliary module Curtain
2026-03-01 15:49:22,296 [analyzer] DEBUG: Started auxiliary module DbgView
2026-03-01 15:49:22,671 [analyzer] DEBUG: Started auxiliary module Disguise
2026-03-01 15:49:22,858 [analyzer] DEBUG: Loaded monitor into process with pid 508
2026-03-01 15:49:22,858 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2026-03-01 15:49:22,858 [analyzer] DEBUG: Started auxiliary module Human
2026-03-01 15:49:22,858 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2026-03-01 15:49:22,858 [analyzer] DEBUG: Started auxiliary module Reboot
2026-03-01 15:49:22,921 [analyzer] DEBUG: Started auxiliary module RecentFiles
2026-03-01 15:49:22,921 [analyzer] DEBUG: Started auxiliary module Screenshots
2026-03-01 15:49:22,921 [analyzer] DEBUG: Started auxiliary module Sysmon
2026-03-01 15:49:22,921 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2026-03-01 15:49:23,078 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\ASUS-DriverHub-Installer.exe' with arguments '' and pid 1684
2026-03-01 15:49:23,312 [analyzer] DEBUG: Loaded monitor into process with pid 1684
2026-03-01 15:49:23,421 [analyzer] INFO: Added new file to list with pid 1684 and path C:\ProgramData\ASUS\AsusDriverHub\Log\ASUS-DriverHub-Installer.log
2026-03-01 15:49:23,578 [analyzer] INFO: Added new file to list with pid 1684 and path C:\Program Files\ASUS\AsusDriverHubInstaller\TempWorkingDirectory\data.zip
2026-03-01 15:50:07,806 [analyzer] INFO: Added new file to list with pid 1684 and path C:\Program Files\ASUS\AsusDriverHubInstaller\TempWorkingDirectory\ADU.exe
2026-03-01 15:50:20,056 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2026-03-01 15:50:20,306 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 1684.
2026-03-01 15:50:20,477 [analyzer] INFO: Terminating remaining processes before shutdown.
2026-03-01 15:50:20,477 [lib.api.process] INFO: Successfully terminated process with pid 1684.
2026-03-01 15:50:20,650 [analyzer] INFO: Analysis completed.

Cuckoo Log

2026-03-01 16:49:23,537 [cuckoo.core.scheduler] INFO: Task #7469965: acquired machine win7x6423 (label=win7x6423)
2026-03-01 16:49:23,540 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.223 for task #7469965
2026-03-01 16:49:24,118 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 116121 (interface=vboxnet0, host=192.168.168.223)
2026-03-01 16:49:26,097 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6423
2026-03-01 16:49:26,742 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6423 to vmcloak
2026-03-01 16:49:41,481 [cuckoo.core.guest] INFO: Starting analysis #7469965 on guest (id=win7x6423, ip=192.168.168.223)
2026-03-01 16:49:42,488 [cuckoo.core.guest] DEBUG: win7x6423: not ready yet
2026-03-01 16:49:47,786 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6423, ip=192.168.168.223)
2026-03-01 16:49:47,881 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6423, ip=192.168.168.223, monitor=latest, size=6660546)
2026-03-01 16:49:49,952 [cuckoo.core.resultserver] DEBUG: Task #7469965: live log analysis.log initialized.
2026-03-01 16:49:50,770 [cuckoo.core.resultserver] DEBUG: Task #7469965 is sending a BSON stream
2026-03-01 16:49:51,160 [cuckoo.core.resultserver] DEBUG: Task #7469965 is sending a BSON stream
2026-03-01 16:49:52,025 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'shots/0001.jpg'
2026-03-01 16:49:52,056 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 133453
2026-03-01 16:50:04,584 [cuckoo.core.guest] DEBUG: win7x6423: analysis #7469965 still processing
2026-03-01 16:50:19,684 [cuckoo.core.guest] DEBUG: win7x6423: analysis #7469965 still processing
2026-03-01 16:50:20,413 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'curtain/1772376620.42.curtain.log'
2026-03-01 16:50:20,416 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 36
2026-03-01 16:50:20,480 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'sysmon/1772376620.48.sysmon.xml'
2026-03-01 16:50:20,486 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 131006
2026-03-01 16:50:20,514 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'files/58ab976dffcb5230_adu.exe'
2026-03-01 16:50:20,573 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 4763648
2026-03-01 16:50:20,612 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'files/0718ee8a62987356_data.zip'
2026-03-01 16:50:20,645 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 4783419
2026-03-01 16:50:20,659 [cuckoo.core.resultserver] DEBUG: Task #7469965: File upload for 'files/46c4ea3b204fbe1f_asus-driverhub-installer.log'
2026-03-01 16:50:20,661 [cuckoo.core.resultserver] DEBUG: Task #7469965 uploaded file length: 1671
2026-03-01 16:50:20,788 [cuckoo.core.resultserver] DEBUG: Task #7469965 had connection reset for <Context for LOG>
2026-03-01 16:50:22,698 [cuckoo.core.guest] INFO: win7x6423: analysis completed successfully
2026-03-01 16:50:22,713 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-03-01 16:50:22,737 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-03-01 16:50:24,043 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6423 to path /srv/cuckoo/cwd/storage/analyses/7469965/memory.dmp
2026-03-01 16:50:24,045 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6423
2026-03-01 16:50:32,172 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.223 for task #7469965
2026-03-01 16:50:32,499 [cuckoo.core.scheduler] DEBUG: Released database task #7469965
2026-03-01 16:50:32,515 [cuckoo.core.scheduler] INFO: Task #7469965: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule Check_OutputDebugStringA_iat
description Checks if being debugged rule anti_dbg
description Create or check mutex rule win_mutex
description Affect private profile rule win_files_operation
This executable has a PDB path (1 event)
pdb_path D:\Jenkins\workspace\sw\CopycatAgent\installer\x64\Release\ASUS-DriverHub-Installer.pdb
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name FILE
A process attempted to delay the analysis task. (1 event)
description ASUS-DriverHub-Installer.exe tried to sleep 240 seconds, actually delayed analysis time by 0 seconds
Creates executable files on the filesystem (1 event)
file C:\Program Files\ASUS\AsusDriverHubInstaller\TempWorkingDirectory\ADU.exe
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
section {u'size_of_data': u'0x00492a00', u'virtual_address': u'0x0005c000', u'entropy': 7.9961297770920465, u'name': u'.rsrc', u'virtual_size': u'0x004928a0'} entropy 7.99612977709 description A section with a high entropy has been found
entropy 0.930359626465 description Overall entropy of this PE file is high
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.