hexonicscantopdfsetup.exe

Hexonic ScanToPDF

Hexonic Software

The application hexonicscantopdfsetup.exe, “Hexonic ScanToPDF Setup”, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Hexonic Software

Product:
Hexonic ScanToPDF

Description:
Hexonic ScanToPDF Setup

MD5:
02eab361512b43f87edf166af8746c1f

SHA-1:
2d8593f39f7c8d6bd6cd9d8ca9447f283c79a5e0

SHA-256:
d2e703339cc83ae7e4b09cbeaf8f5a3643321d010ea972e4432a075ee815460d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/27/2024 2:07:11 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/InstallMonetizer.AU | 8.9801
Reason Heuristics | PUP.InstallMonetizer.Bundle (M) | 16.3.10.15

File size:
1.3 MB (1,319,678 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5nalk8DdzcivydQ6QzZT2dUF02hfnmKNJblm1p2X8E3I5kS3rJQBtUkBgJ:5aCkzczdbKZa+npnmKNJxGp2MninXBgJ

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file hexonicscantopdfsetup.exe has been seen being distributed by the following 4 URLs.

http://gsf-cf.softonic.com/2d8/593/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3342367&instance=softonic_en&type=PROGRAM&Expires=1435009849&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=JCGkMrEgZx-N~4Q6MFmh3stOk7GcXf0yk1tU1KdCeDNi-nDLAnEzYHjxwCu7DEfS1DBRie~YlQ6mfvc0~RgnA~KqvN0ajVZGLXMFqC6avARp1kiBegKXkdi5XcP0UmBMGuqlf1ntEaPQdVxtX0sAcZfWpyJ6vhTS3Qd5jGmdQuI_&filename=HexonicScanToPDFSetup.exe

http://gsf-cf.softonic.com/2d8/593/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3342367&instance=softonic_de&type=PROGRAM&Expires=1461640940&Signature=MOyH8EQCf4N5JeylorUZrz8AHdIx5~N2ps8vBFqufxyMab1AATbhAYwrrX5GXotVuAXja3i9dAC9VcbNqqjIs7tF9i-tJYZsEdNqf71i8T9HiiFw1Q5LDkAKyqb7FzHZ1iGkIyVrl~jak0Dbi-~lqLh6vE29H~oynp3oWM3xP88_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HexonicScanToPDFSetup.exe
