Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Driver Talent

PUP.Driver Talent

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 1,374
Threat Level: 10 % (Normal)
Infected Computers: 79,170
First Seen: March 27, 2019
Last Seen: February 6, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove PUP.Driver Talent

File System Details

PUP.Driver Talent may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. ldrvsvc.dll b366296720ac09d60d99c5d6bc716c3b 42,457
2. drivertalentxwebsetup_b2222b[1].exe d0de2ab20d4249e7d260efbf1add0468 132
3. DriverTalent_2222_10_0_23_74.exe 86984bb56b34d2fa777840cd252260e0 124
4. DriverTalent_2222_10_0_31_86.exe 731c772d5e1f63eb439d6b1857e7595e 56
5. drivertalentx.exe 0d7e2eacff9e93ef81a5894d9362dc3a 56
6. DriverTalent_setup_8.0.10.58.exe 5a66fd4bff264e8bfec4c0cd6d8c74af 36
7. DriverTalent.exe 52b796b868cbebb712a205aa2d39c461 25
8. DriverTalent_ostoto_setup_8_1_9.20.exe 7c3dc80884f2f6789c9dcf1370c4e0b7 11
9. DriverTalent_net_ostoto.exe 4e06dcfd0a4279408f5fdc2d0adf66a9 0
10. F799EC23A5C37B86C5098F13DD3E2E0ABF37EB3F f799ec23a5c37b86c5098f13dd3e2e0a 0
11. 3151_drivertalent-181031.exe da37771b8ad070a5afb2cee5a8a499d1 0
More files

Analysis Report

General information

Family Name: PUP.Driver Talent
Packers: UPX
Signature status: Root Not Trusted

Known Samples

MD5: 1467ca69d449586be2c4cab470d68afb
SHA1: 762e79f88b06cabb5b292b115390e8e3712c0388
SHA256: 756A5E07474D087060514B3B075B35D7EF7B95384E21A2D3BB4463E04F0AB046
File Size: 224.82 KB, 224824 bytes
MD5: 2727a7e702b6793c05a2196d22133614
SHA1: 08b5fe1fe1cb8b90a2b9d3cb6a9b604f967a7077
SHA256: D9665614EECE61A3815950DA8C1F264E55575AD1EC7BD6192B11F38BCFFE37C6
File Size: 204.09 KB, 204095 bytes
MD5: 0cfb657f96b5869f00a4f27523527f03
SHA1: 91a7f7431fc90741cab9e5486981a8431ce859ee
SHA256: DF319809D863C60BAE3A35D77D9F7C405E9FA2EC12CE2631EABB3015DE28728B
File Size: 9.92 MB, 9921327 bytes
MD5: 6ae7827aed6a0494c616b4f48845a553
SHA1: 39cc5251d819bbc4e5e10c10ea228dd2b6cf5fb7
SHA256: 9434C7E1D5A34B4AE216DCFE094169399177DA2BE612F641D8324252D04795BD
File Size: 4.80 MB, 4803880 bytes
MD5: fcab323433fd1346f1ce5f01c67998c8
SHA1: 2ca066d48f05382186829eb29da0c20afcc8548f
SHA256: A23EBB39DDFBC96585E706844DD8D1D95ACE7D80BF02BB416D8C9182E2CF2E88
File Size: 647.17 KB, 647168 bytes
Show More
MD5: 162752604bf81c68e22e4fd217f93e51
SHA1: 105f2050c1b59fe9cd18e7bd134a094708a6ccc4
SHA256: A6F40AE75373561910380269E9FC1874607E1A927A27ADEE31E04818B6715D1D
File Size: 5.08 MB, 5084464 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Drive The Life Co., Ltd
  • Dtl
  • OSToto Co. , Ltd.
  • 深圳市驱动人生科技股份有限公司
File Description
  • CNICDriver
  • Driver Talent
  • OSTotoHotspot安装程序
  • 快速搜索 Setup
  • 驱动人生 Uninstaller
File Version
  • 8.1.3.14
  • 4.1.9.4
  • 2.0.0.25
  • 1.0.0.2
Internal Name
  • CNICDriv.dll
  • Driver Talent
  • DTLInstaller
Legal Copyright
  • Copyright (C) 2008-2022 OSToto. All rights reserved.
  • Copyright (C) 2018
  • Copyright (c) 2020 深圳市驱动人生科技股份有限公司。保留所有权利。
  • Copyright © 2015 | Drive The Life Co., Ltd. All Rights Reserved
Original Filename
  • CNICDriver.dll
  • Driver Talent
  • DTLInstaller.exe
Product Name
  • CNICDriver
  • Driver Talent
  • OSTotoHotspot
  • 快速搜索
  • 驱动人生
Product Version
  • 8.1.3.14
  • 4.1.9.4
  • 2.0.0.25
  • 1.0.0.2

Digital Signatures

Signer Root Status
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert Assured ID Code Signing CA-1 Self Signed
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert Assured ID Root CA Root Not Trusted
Shenzhen DriveTheLife Software Technology Co.Ltd DigiCert SHA2 Assured ID Code Signing CA Self Signed
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Code Signing 2010 CA Hash Mismatch
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Show More
Shenzhen DriveTheLife Software Technology Co.Ltd VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted

Block Information

Total Blocks: 1,875
Potentially Malicious Blocks: 84
Whitelisted Blocks: 1,103
Unknown Blocks: 688

Visual Map

0 ? ? ? ? ? 0 ? 0 0 0 ? 0 0 0 ? 0 0 x x x x 0 x 0 0 0 0 0 0 0 x 0 ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? ? ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? 0 x x ? ? 0 0 ? x ? ? ? ? 0 ? x x ? x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 x 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 ? ? 0 ? 0 0 ? 0 0 ? ? ? ? ? 0 0 0 ? 0 0 ? ? ? ? ? 0 ? ? 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 x x ? ? ? 0 ? x x ? ? x 0 x ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? x ? ? ? ? x ? ? ? ? ? x ? ? x 0 x 0 ? ? ? x ? ? ? ? ? ? ? ? x ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? x x ? ? ? 0 ? x ? ? ? 0 0 ? ? ? 0 ? ? ? x ? ? ? ? x ? x ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? x 0 ? ? ? ? ? ? ? x ? ? 0 ? ? ? ? ? ? ? ? x x x ? x ? ? 0 ? ? ? ? ? ? ? ? x 0 0 x 0 0 ? ? 0 0 ? ? 0 ? x ? ? ? ? ? ? ? 0 ? ? x 0 ? 0 ? x ? ? ? ? ? ? x x ? ? ? ? ? ? x ? 0 0 x 0 0 ? ? 0 x ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? x ? ? ? ? 0 0 ? x 0 0 ? x ? ? ? x x ? ? x ? x ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 0 0 ? ? ? x ? ? ? 0 ? ? ? 0 0 ? ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? x ? ? ? ? ? ? x 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? x 0 0 ? 0 x ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? 0 0 ? x ? ? x x ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x ? ? 0 ? x ? 0 ? ? ? ? ? ? ? 0 ? x ? ? ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? x 0 ? ? ? ? 0 0 ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? 0 0 0 ? ? ? 0 ? ? ? ? 0 ? 0 0 ? 0 ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? x ? ? ? ? 0 ? 0 0 0 ? 0 0 0 0 x ? 0 0 0 0 0 x ? ? ? 0 x ? 0 0 ? 0 0 0 ? ? 0 ? 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? x 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 ? 0 ? 0 0 ? 0 ? 0 ? 0 0 0 0 ? ? ? 0 ? ? 0 ? ? 0 ? ? ? 0 0 x ? 0 0 0 0 ? ? 0 0 0 ? ? 0 0 ? ? 0 0 0 0 0 ? x x x ? 0 ? 0 0 0 0 ? ? ? ? ? ? 0 ? 0 0 ? ? ? 0 ? ? ? 0 ? 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 1 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 3 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\dtlinstui.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\installheper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\libnetwork.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\sqlite3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\uninstall.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dtlbdf7.tmp\zlibwapi.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\ostotohotspot::newdriverflag  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
Show More
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserObjectInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\762e79f88b06cabb5b292b115390e8e3712c0388_0000224824.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\08b5fe1fe1cb8b90a2b9d3cb6a9b604f967a7077_0000204095.,LiQMAxHB

Trending

Most Viewed

Loading...