pdfcreatorsetup.exe

The application pdfcreatorsetup.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.coolpdfcreator.com.

MD5: 937ffa8c255d1eb7a5be6bf8d1058472

SHA-1: 9c3b564731758f9324e3c7cfc5a8fd9cde5631a9

SHA-256: 2b2de4f18a3e9053aac9fc043d4122fa26d55c6f0d0694f48ac56b3566174779

Scanner detections: 14 / 68

Status: Potentially unwanted

Explanation: Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date: 4/24/2024 2:52:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.153.232 |
| AVG | Adware InstallCore.KC | 2014.0.3955 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.3 | 18479 |
| Dr.Web | Adware.InstallCore.53 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallCore.AF potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/InstallCore.V2.gen | 4.6.5.141 |
| NANO AntiVirus | Trojan.Win32.InstallCore.crmllj | 0.28.0.60100 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14606 |
| Sophos | Install Core | 4.98 |
| Trend Micro House Call | HV_INSTALLCORE_CA080344.TOMC | 7.2.159 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.26.0 |
| VIPRE Antivirus | Threat.4786018 | 30086 |

File size: 1015.3 KB (1,039,632 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\Documents and Settings\{user}\My documents\downloads\pdfcreatorsetup.exe

File PE Metadata

Compilation timestamp: 6/19/1992 7:22:17 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 24576:tkAor8GadpQO6HmtWsSvBoSDNF1qN2sEVLwbkeWd3V5oVq+RUy1:tk5IGR+9SlByNywbkeWd3Uwa

Entry address: 0xC2440
Entry point:
55, 8B, EC, 83, C4, F0, B8, 2C, 09, 42, 00, E8, 25, D7, FF, FF, 00, 00, E9, F5, 00, 00, 00, FF, 0D, B0, 45, 46, 00, 8B, C3, 25, FC, FF, FF, 7F, 83, E8, 04, 29, 05, B4, 45, 46, 00, F6, C3, 01, 74, 45, 8B, C6, 83, E8, 0C, 8B, 50, 08, 83, FA, 0C, 7C, 08, F7, C2, 03, 00, 00, 80, 74, 0F, C7, 05, C0, 45, 46, 00, 0A, 00, 00, 00, E9, B6, 00, 00, 00, 8B, C6, 2B, C2, 3B, 50, 08, 74, 0F, C7, 05, C0, 45, 46, 00, 0A, 00, 00, 00, E9, 9E, 00, 00, 00, 03, DA, 8B, F0, E8, 54, F8, FF, FF, 81, E3, FC, FF, FF, 7F, 8B, C6, 03...

Entropy: 6.9119

Developed / compiled with: Microsoft Visual C++

Code size: 788 KB (806,912 bytes)

The file pdfcreatorsetup.exe has been seen being distributed by the following URL.
