install_pdfr_v252.exe

PDF reDirect

EXP Systems LLC

This file is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is installed with PDF reDirect (remove only). The file has been seen being downloaded from www.towerbitscenter.com and multiple other hosts.
Publisher:
EXP Systems LLC  (signed and verified)

Product:
PDF reDirect

Description:
Install program for PDF reDirect

Version:
v2.5.2

MD5:
d84bd466a4de9fbedaabaf9a366cf4e6

SHA-1:
57f93f838a7204f0fe455bace047aef250e6716d

SHA-256:
7ab20ca0107f85b5ec838b76474e2c49f1295041f637f6c7130b745acecebf8a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 12:41:57 AM UTC

File size:
7.1 MB (7,451,448 bytes)

Copyright:
©2010 EXP Systems LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\install_pdfr_v252.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
6/28/2009 7:00:00 PM

Valid to:
6/28/2012 6:59:59 PM

Subject:
CN=EXP Systems LLC, O=EXP Systems LLC, STREET=11058 W 1st Street CT N, L=Wichita, S=KS, PostalCode=67212, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00C6A73D9B22227C46AA75844411AD16C9

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:WiT7e3WYVlue372YxgQugzoOBvAHG4mMA7mp/i/MWm8:1YVlNKYxugznBvAmIkmp/q7

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9986

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file install_pdfr_v252.exe has been discovered within the following program.

PDF reDirect (remove only)  by EXP Systems LLC
Publisher's description - “PDF ReDirect is a fast, free, and easy-to-use PDF creator. It has no restrictions, no watermarks, no spyware, no adware, and no pop-up advertisements. Create PDFs, Apply Stamps, Merge and Optimize. Lock your PDFs. Enter Metadata and set Font Options.”
www.exp-systems.com
8% remove it
 
Powered by Should I Remove It?

The file install_pdfr_v252.exe has been seen being distributed by the following 13 URLs.

http://www.towerbitscenter.com/AxDSS_DC0aGQ hsyueTuZF3gpLf8bE3DX8aDiD0VVD9RO274mhQ4BU2f6otUgdLj k3aspvzsHri0qJGydrX2TFRnsIbsp9c4s_KPkX_sWING6wbpnQ3slcAFQSRlCzX_fbrSJ4eeEBtuOd2LBgR9LnsYI5Fyy0N7i0hfCOSZW5evmmMO1gMmc4S1FlPAKMUfO7tCAj5wJRFnA2ZjZto1s2QHTkzAg==-G0QAAEQ3F5MKgqGJ8CYPxbR6zoWjYxywX9O1wO2D LAxdpYrg2ZcY8gv5hJRR1p6PHywWxxE1ummT6XHrq mjAE=

http://www.lo4d.com/get-file/pdf-redirect/.../

http://gsf-cf.softonic.com/57f/93f/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40709&instance=softonic_en&type=PROGRAM&Expires=1441812488&Signature=HVNTucK19ycokuNM0yS9v3ujqhsxP4NBuqFtrYuW~2S04LBbFfiYetsaA~ZGBbCsEBL2VnJlgC8zVAkg3U5ifxCWT3A6jsLpxqC7VDxK7wcRXXrW-YSXn~TU71rqjsA-j8FDEBT7qIgYHnZxoscANUg3mtjPlmBa03SpDcceSUg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Install_PDFR_v252.exe
