home

pdfcreator-2_1_1-setup.exe

PDFCreator

pdfforge GmbH

The application pdfcreator-2_1_1-setup.exe, “PDFCreator is the easy way of creating PDFs. ” by pdfforge GmbH has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program Cobian Backup 11 Gravity by Luis Cobian. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
pdfforge   (signed by pdfforge GmbH)

Product:
PDFCreator

Description:
PDFCreator is the easy way of creating PDFs.

Version:
2.1.1.820

MD5:
2fd629296abb423da0b48e822986ceed

SHA-1:
f218cb4810038f0b9e1daa6a8e73fa258d620a8c

SHA-256:
f0ff2b376e965e70587e95eb5d1c03b09ccf1c880d69a4b079f43d1a0b1cb561

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/24/2024 5:47:43 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.OpenCandy.39
9.0.1.094

ESET NOD32
Win32/InstallMonetizer.AQ potentially unwanted
9.11424

F-Prot
W32/OpenCandy.A2.gen
v6.4.7.1.166

NANO AntiVirus
Riskware.Win32.Downware.dgkmsw
0.30.8.659

Reason Heuristics
PUP.InstallMonetizer.Bundle (M)
16.3.10.15

Trend Micro House Call
Suspicious_GEN.F47V0401
7.2.94

VIPRE Antivirus
Opencandy
39048

File size:
26.5 MB (27,837,984 bytes)

Product version:
2.1.1.820

Copyright:
© pdfforge

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pdfcreator-2_1_1-setup.exe

Digital Signature
Signed by:
pdfforge GmbH

Authority:
thawte, Inc.

Valid from:
3/10/2015 1:00:00 AM

Valid to:
4/9/2017 1:59:59 AM

Subject:
CN=pdfforge GmbH, O=pdfforge GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4A0B7118F7483AE9BED26C9A1C65AD91

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:Gget8OGmWo4dgnM93nKrqNXj82ITuBojVBwAt1wYa+f98+yILmPXXILjGfaOv:ut1GmWo4dNETu0B9KL+f9hPaPXojwaO

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file pdfcreator-2_1_1-setup.exe has been discovered within the following program.

Cobian Backup 11 Gravity  by Luis Cobian
Publisher's description - “Cobian Backup is a multi-threaded program that can be used to schedule and backup your files and directories from their original location to other directories/drives in the same computer or other computer in your network.”
www.cobiansoft.com/cobianbackup.htm
About 1% of users remove it
 
Powered by Should I Remove It?

The file pdfcreator-2_1_1-setup.exe has been seen being distributed by the following 50 URLs.

http://dw.jp.uptodown.com/dl/1430921422/.../pdfcreator-2-1-1-multi-win.exe

https://dw.uptodown.com/dwn/byxCkJ7TFQmUox0NO0SN7Og-D-XGuUSoovq6xAhfQtEYJOOlUaW2CKfYF35ZzJ8Dvr7mmiEmQkUGo-_7DUzWQntc5D2YA_7i1EVM1oq4N_DWU7YDUNl5jnQ82gOPASue/jDlqryzt5rYQ2eH3W59qjDiBMoYYgczaxS-uV-zgRofPN_KP3sXBPLy8koBwcFAEYmnoEAXgm6r0MKm7ZQOKOpmkrhzW84gEY8-B-93F3d4vscjHuHZ1eUfntChZjNpm/gu5x3_Bd9a-Jqlif4Mt-6efJwN4qKpajXpoTNzuMjdKZWm0Bn7K80jJsE1t92hdSzgYqoBdh_NGRwK3lT6Y9P6lpXWVr6-76v_NRSdNowu0laUjP5MuSFOolQRGKEvVb/.../

http://lb.cdn.m6web.fr/d/c/a/5c783739c12567c906049c0d8397b2b6/562e7188/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://dw.uptodown.com/dwn/WSct06EvyCD93Oizza2_qz3K00BSfyaUHS-xWgBdDw51D26OgY0VlAlyuZGED1ixumObCXji13Bu5FFCXkOlOdN3WT2SaJsRogVdI9leD8wQnbIR94YmnMocvWfvkyN0/nR-QJdShAPUFP6hGLtrNReg2X2RL_OQseygv4DqqWWeX9kJORcb106e57O0sn0to5DDQuIVNPst0C5-yMgSaxDgODxMnDpzLNnyusznQ33430JayrT5fbFKPIkX7WXZH/.../

https://dw.uptodown.com/dwn/X3PSzttq2jwWexsXYS3-NipSXyBODSbOSGqjuO4MRIFUbzZocxWAypAiKWvpeTpQY6bD09NCPfzxMA5ggvoLJSA04bBEZ_yF7tW1R-EYVxaevdaH8D8Q7erjEBArvVqw/mI4zU-b-L8-MMJpN-aDXjsbxT4W3mSIl2H98Es60lLr8gzBzCoRQ5cnH7iBk1xJuvg0c1CvbvdS50bbNQWld85gReaOrhCggfvITLiFUzJNoMkX2jhZOwuA3PBjDGKd-/ENb05sLe8X057PH9z_MlaTAQQ0VJPTO60b7PcIMCgQ1WY7wcufU9JzOGuBxaw48IA3VZzVQxMsWBOhz675QRUU4AZB4rWBmi-OfyMVIT0Sc2CJxSaJz-P1ly3F_Rha9I/.../

http://dw.uptodown.com/dl/1429888738/.../pdfcreator-2-1-1-multi-win.exe

http://lb.cdn.m6web.fr/d/c/a/95f4b5ec4dcd3f7e5630dae654d43572/55b1fa05/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/7528a46c1b89d089e4a6c8ff9c1f6676/5618b442/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/5d90e8b4a2cff6d71aa3a1e8c921b806/5602e223/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/0e8510b302df7ceda8593e8421bb6418/5618a071/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

https://dw.uptodown.com/dwn/kbpnlxadgKQQNHskpuDgwpKNZYVf2RVfn1QwEN7nDLr7tz9Fb8K-s2MaNT63Nfblbot-Y3cOF0xtQ7rq_FTeRM5aiTU59Gshhz8tItyOFN6wxeurqL3a7ue0jSNLa77G/AXXORCwEryu8m6yQoW0QD6sHwKAQcu8QH_qbDn5TO6XsNHKys0yu2z43bNPCUxd31pzc_4PvWKxLIhiZk6NMeqyDDk3mZbcPQcFaZGhlnn8pxzQ3zYVU62H_S_gH54TI/NiXspjBLLK1jzzPxKfR-TVeUdGd7Z8qpSs1VAamrqT-RniFRUnhSNHWLAGABuC3C4XYB8A8Jyxc5C1EuJSDMGIPSeGSo2lMM8cJlKFe191AMPy0P7eioJBXzfSnUCIV-/.../

http://azure.download.pdfforge.org/pdfcreator/.../PDFCreator-2_1_1-setup.exe

http://lb.cdn.m6web.fr/d/c/a/9d2c277da016c7e72dbc0a9a378e1077/556cb1f2/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/0994a60889ae7986234fdf7cf0cb7cee/556f8989/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/6554d606c33435d64a95520fb953ec39/55eaa791/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/6f9613840a009fda08dff4f3eaffeac8/55f5c1bf/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/6a1a37c18a72554c83e22d7e4370d24d/55eade80/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/74a19029388742fa8fb261ae46a30123/55c26b09/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://filehippo.com/fr/download/file/.../

http://lb.cdn.m6web.fr/d/c/a/84958e11fc3210e22a8685cdc2d95fdd/560d4276/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/8860a64e2aaaca244448c6cbd48ce0a2/557f1d42/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/2aaf5ead12d980caad2ce347e545fc98/556d7e6b/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/2f6b302a7cd102d899cc4ef43adb14b0/55f3db76/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/721de97a568442acfc66f507dbd9895a/55f862a1/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://ec.ccm2.net/it.ccm.net/download/.../PDFCreator-2_1_1-setup.exe

http://dw.uptodown.com/dl/1432704446/.../pdfcreator-2-1-1-multi-win.exe

http://lb.cdn.m6web.fr/d/c/a/bc6003379d763e0852552f0915ccbcab/55ca6e00/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://www.download.fi/.../download.cfm?version_id=98240&software_id=688&mirror_id=0&installer=0&perion=0&air_installer=0

http://lb.cdn.m6web.fr/d/c/a/d486dbf0a1e9b3c6305f24ab5681c105/562fdd3c/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

http://lb.cdn.m6web.fr/d/c/a/41100d399ce1e0d21df4a4f024d74ee4/562dfcb8/soft/.../pdfcreator_2-1-1-807_fr_11085.exe

Latest 30 of 58 download URLs

Remove pdfcreator-2_1_1-setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.