icreinstall_pdfconvertersetup.exe

PDF Converter

Install Core

The installer uses the InstallCore engine, which may bundle about 3-4 offers for various ad-supported toolbars, browser extensions and utilities. The application icreinstall_pdfconvertersetup.exe, “PDF Converter Installer” by Install Core, has been detected as adware by 19 anti-malware scanners. It is typically executed from the user's temporary directory. While running, it connects to the Internet address os.solvefile.com on port 80 using the HTTP protocol.
Publisher:
PDF Converter Technologies  (signed by Install Core)

Product:
PDF Converter

Description:
PDF Converter Installer

Version:
3.1.0.0

MD5:
ddfe71ac4005e4c433b4438a8c5e635a

SHA-1:
7bca8a136325094870beb4028b7f5ba03707021a

SHA-256:
0efb169970e8d00a5136fc71af9b155e2926aadf3eb41e7eaa91bcac8a52e4a4

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/11/2024 2:38:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adtool.InstallCore.Gen | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.InstallCore | 2014.12.14 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| avast! | Win32:InstallCore-F [PUP] | 2014.9-160215 |
| Clam AntiVirus | W32.Adware.InstallCore-2 | 0.98/19774 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.0 | 20360 |
| Dr.Web | Adware.InstallCore.14 | 9.0.1.046 |
| ESET NOD32 | Win32/InstallCore.E potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | | 2/15/2016 |
| F-Prot | W32/Agent.MC.gen | v6.4.6.5.141 |
| K7 AntiVirus | Trojan | 13.187.14319 |
| Malwarebytes | Adware.Agent | v2016.02.15.06 |
| NANO AntiVirus | Trojan.Win32.InstallCore.wcycc | 0.28.6.63850 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.installCore.PDFConverterTechnologies.Installer (M) | 16.2.15.18 |
| Sophos | PUA 'Install Core Installer' | 58 |
| Trend Micro House Call | HV_INSTALLCORE_CA224EDF.TOMC | 7.2.46 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.A | 3.12.26.3 |
| VIPRE Antivirus | Threat.4786018 | 35418 |

File size:
548.5 KB (561,672 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_pdfconvertersetup.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/2/2011 7:00:00 AM

Valid to:
2/3/2012 6:59:59 AM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:VS0Br4skBIEgqw8nrnH8qXVviIFUG99bctTVJ3MMSZ:VNBr4VGEjw8bFZd99be3MMSZ

Entry address:
0x112510

Entry point:
60, BE, 00, 20, 49, 00, 8D, BE, 00, F0, F6, FF, C7, 87, 10, 27, 0C, 00, 4D, 45, 7C, C1, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
516 KB (528,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)
