file_10924_i129875827_il345.exe

PDFCreator

AITI Strim CONSULTING, TOV

The application file_10924_i129875827_il345.exe, “PDFCreator is the easy way of creating PDFs.” by AITI Strim CONSULTING, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers provided are based on the PC's geolocation at the time of install.

Publisher:
pdfforge GmbH  (signed by AITI Strim CONSULTING, TOV)

Product:
PDFCreator

Description:
PDFCreator is the easy way of creating PDFs.

Version:
2.2.2

MD5:
4885a0de12d17c87c6dfec1092dbe40c

SHA-1:
e356c2e9484be678f15402c94332c2eb5b5c7b64

SHA-256:
9910705f6f3b9d708c09d9d1c9f3a03d17cc149aa9f26951d9604198054908ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 4:01:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
16.11.2.10

File size:
2.1 MB (2,216,224 bytes)

Product version:
2.2.2

Copyright:
© pdfforge GmbH

Original file name:
PDFCreator-2_2_2_1066-setup-pdfforge.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\file\file_10924_i129875827_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/11/2016 1:00:00 AM

Valid to:
1/11/2017 12:59:59 AM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/26/2016 8:42:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:EOqZOxnH9LFX9rPNlGMWXuJ1UZqx9UREH:EOqZOHlFtrPn/WwKKZ

Entry address:
0x44EC5B

Entry point:
68, C9, A8, EB, FD, E8, 93, DB, E5, FF, 47, 1B, 2B, F4, 15, DF, 86, 15, 23, 34, D1, D2, 15, 23, 26, F8, 63, D5, 0B, 9D, 6F, 79, EB, DC, 91, 6B, 7A, EA, DC, 04, 26, 92, 2A, F4, 6C, 8E, A4, 14, 23, 6F, 35, AA, 14, 23, AD, E4, 93, 15, 23, DB, 11, FC, D4, 0B, 43, B2, 45, EA, DC, 5B, AD, 5E, 2A, F4, 5D, BF, 22, 15, 23, 54, 77, 72, 15, 23, 79, 1F, C8, D5, 0B, 86, 75, 48, EA, DC, D4, F1, EA, DC, AA, A8, A2, 2B, F4, 50, 49, 5E, 95, 10, 1D, 54, 0B, 7D, 38, 8A, 6A, DC, A3, 65, C0, 6B, DC, 43, BB, AB, F4, 73, B1, 1C...
 

Code size:
2.1 MB (2,199,552 bytes)
