» pdfcreatorsetup.exe
Overview
Analysis
File Details

pdfcreatorsetup.exe

IronSource Ltd

The application pdfcreatorsetup.exe by IronSource has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

pdfcreatorsetup.exe

Publisher:

IronSource Ltd (signed and verified)

MD5:

9f30ce04a8af41147edaf3c86d56a843

SHA-1:

c0525b94d82b76429e0d95651bc68465b46e6397

SHA-256:

0caf51d86ad669ccfc62084d4b5aee83bfe8128b756e025acd2726ea190381a4

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/19/2024 10:40:09 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:InstallCore-HF [PUP]

160126-1

AVG

Adware InstallCore.AXB

2015.0.4522

Dr.Web

Adware.InstallCore.30

9.0.1.05190

ESET NOD32

Win32/InstallCore.H potentially unwanted application

7.0.302.0

F-Prot

W32/InstallCore.B.gen

4.6.5.141

Norman

Adware.Generic.1056921

03.12.2014 13:20:04

Reason Heuristics

PUP.ironSource.Installer (M)

16.2.15.1

VIPRE Antivirus

Threat.4150696

46800

File size:

538.4 KB (551,304 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\pdfcreatorsetup.exe

Digital Signature

Signed by:

IronSource Ltd

Authority:

COMODO CA Limited

Valid from:

11/8/2011 12:00:00 AM

Valid to:

11/7/2012 11:59:59 PM

Subject:

CN=IronSource Ltd, O=IronSource Ltd, STREET=Namal 36 suit 1, L=Tel Aviv-Yafo, S=IL, PostalCode=68033, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008E236034501AEA96AE96F0B0FD227271

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:cM4vdq1kwjdewDd9TLCsbPt1a8GRJw2CitUrmG9VR:8vdqawrDdlWcPt1a8Gzw3itwR

Entry address:

0x1000

Entry point:

B8, 00, B6, 51, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, E1, E6, 65, C1, 3A, F6, 83, 47, F1, 13, 84, EB, 86, C5, B7, 03, 04, AC, 84, C9, 50, 02, 0B, 36, B6, 07, 56, 0D, CA, 70, 14, C6, 31, EF, 58, 5C, 48, B0, D1, 15, 9B, D4, 11, B3, FB, 19, 9B, A5, 2C, 65, D5, 6D, 64, E0, A7, 8F, B9, 04, 1B, 18, E2, DA, 28, EC, EA, 44, 77, 5B, 66, 72, 3D, E4, 8D, F7, AF, 1A, 37, AB, 8C, F5, 55, A9, 8A, 15, 91, BF, 0E, AA, BE, 7A, DF, 7B, 8A... 
[+]

Packer / compiler:

PECompact v2

Code size:

783.5 KB (802,304 bytes)

Remove pdfcreatorsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.