macallister instruction m_10924_i129706149_il345.exe

PDFCreator

AITI Strim CONSULTING, TOV

The application macallister instruction m_10924_i129706149_il345.exe, “PDFCreator is the easy way of creating PDFs.” by AITI Strim CONSULTING, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
pdfforge GmbH (signed by AITI Strim CONSULTING, TOV)

Product:
PDFCreator

Description:
PDFCreator is the easy way of creating PDFs.

Version:
2.2.2

MD5:
eecbf583553d8148b5ac8482434d4193

SHA-1:
67ceab7bb31ddd136826e8a09c0dc13f93b69091

SHA-256:
d47a2d84dc44d5c6c98a22cd4823ff77e61b903075d5a6e4b14cfec068ee149b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 4:20:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.AITIStri.Installer (M)

Engine version:
16.5.28.11

File size:
2 MB (2,110,416 bytes)

Product version:
2.2.2

Copyright:
© pdfforge GmbH

Original file name:
PDFCreator-2_2_2_1066-setup-pdfforge.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\macallister instruction m_10924_i129706149_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/11/2016 12:00:00 AM

Valid to:
1/10/2017 11:59:59 PM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/25/2016 3:52:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:6a3qeJvwNaFdGWoc5rOD++gCGm5GTx6i5ET//FQCtX:1aeOYr8c5rV+ghm52x6oWaO

Entry address:
0x29457A

Entry point:
68, D3, 71, 99, 06, E8, A0, CF, FF, FF, 8D, 08, 71, CA, 7A, 18, AE, 94, F5, EE, 8D, 1C, 1A, C5, 0E, 6B, 70, C1, 06, 00, 40, 2F, 05, E0, 55, 4E, 53, FE, E6, D6, 4F, AD, B9, 99, 69, 29, 66, 45, D4, 72, 27, FA, 2C, 8D, 9E, D6, AC, 0E, 57, BF, D4, CA, FD, BF, 76, 74, 22, A0, 4F, 3B, 63, BA, 36, 03, 60, 62, D8, 0D, EE, 7A, 7A, 59, B5, 5F, BC, 25, 9D, F6, 49, 36, 52, 0E, 17, B1, E1, 2B, 64, E8, 70, 20, F5, 0A, 51, 28, E8, 7A, 9B, DB, 7D, D6, 3E, EB, 1C, 17, 45, 13, 45, EC, 19, 74, C6, 24, 24, 82, 67, B2, 0E, 04...

Entropy:
7.9850  (probably packed)

Code size:
2 MB (2,093,568 bytes)