home

pdfcreatorsetup.exe

The application pdfcreatorsetup.exe has been detected as a potentially unwanted program by 34 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
MD5:
30d4364d565b6145bbaa5959f731150e

SHA-1:
16d8d2e6ea93aafbfe2df45bd01d398a06a9145b

SHA-256:
ad4ed547b14fa5a3d19bcaaa2c02a64c1506590a41b9744aad7ebbe5991c4655

Scanner detections:
34 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 9:21:39 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.62453
928

Agnitum Outpost
Trojan.Adware
7.1.1

AhnLab V3 Security
Adware/Win32.InstallCore
2014.07.22

Avira AntiVirus
Adware/InstallCore.5.41
7.11.30.172

avast!
Win32:InstallCore-HF [PUP]
140617-1

Bitdefender
Gen:Variant.Adware.Graftor.62453
1.0.20.1015

Bkav FE
W32.HfsAutoA
1.3.0.4959

Clam AntiVirus
W32.Adware.InstallCore-1
0.98/19168

Comodo Security
ApplicUnwnt.Win32.AdWare.InstallCore.2
18932

Dr.Web
Adware.InstallCore.53, Adware.InstallCore.43
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.62453
8.14.07.22.04

ESET NOD32
Win32/InstallCore.Q potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstallCore.AAAA
7/22/2014

F-Prot
W32/InstallCore.C.gen
4.6.5.141

F-Secure
Gen:Variant.Adware.Graftor.62453
11.2014-22-07_3

G Data
Gen:Variant.Adware.Graftor.62453
14.7.24

K7 AntiVirus
Trojan
13.181.12795

Malwarebytes
PUP.Adware.InstallCore
v2014.07.22.04

MicroWorld eScan
Gen:Variant.Adware.Graftor.62453
15.0.0.609

NANO AntiVirus
Trojan.Win32.WebToolbar.rkdmk
0.28.2.60990

Norman
InstallCore.BD
11.20140815

nProtect
Trojan-Clicker/W32.Graftor.1107336
14.07.21.01

Panda Antivirus
PUP/MultiToolbar.A
14.07.22.04

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.8.15.12

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14720

Sophos
Install Core
4.98

SUPERAntiSpyware
Adware.InstallCore
10469

Total Defense
Win32/InstallCore.A!Adware
37.0.11073

Trend Micro House Call
TROJ_SPNR.0BD314
7.2.203

Trend Micro
TROJ_SPNR.0BD314
10.465.22

Vba32 AntiVirus
Adware.InstallCore.gen
3.12.26.3

VIPRE Antivirus
Threat.4150696
31208

Zillya! Antivirus
Dropper.FrauDrop.Win32.6571
2.0.0.1844

File size:
1.1 MB (1,107,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pdfcreatorsetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:WtFLNV+/+iQdy9W3cs9jwv1RuXlCCT0Ulk2m6JuHMfMoh:GLCW3c0j2mkCTfle6JuHMfM

Entry address:
0xC1BFC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 61, 33, 41, 00, E8, E7, E1, FF, FF, D8, 2F, FB, 82, EE, F5, AA, 10, 44, B9, 46, DD, 1B, 54, D0, 65, E3, 01, 2A, 5A, 7D, A4, 69, 16, C4, E7, 55, 8D, D2, A1, 59, ED, 78, 45, BB, 34, A6, 60, E5, 66, FD, 57, 00, 40, A0, D9, 42, 78, F7, D9, A9, F6, 24, F6, F7, 8D, 2D, 98, 34, 25, 3A, 39, 11, 6B, 61, 9D, E3, 5B, D3, ED, 1E, 48, 7B, F0, 70, 3D, 52, ED, 05, D5, F9, DC, 7F, E0, 6A, F5, A6, 73, B7, CD, EF, 41, 4B, 86, 4B, 5E, 03, BF, EC, B9, 21, 5A, E6, FB, 00, 33, DE, 98, E0, 66, 2B, 34...
 
[+]

Entropy:
6.8240

Developed / compiled with:
Microsoft Visual C++

Code size:
787 KB (805,888 bytes)

Remove pdfcreatorsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.