» pdferaser.exe
Overview
Analysis
File Details
Downloads (16)

pdferaser.exe

PDF Eraser

Xi’an Zhihengyinwu Co., Ltd

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

pdferaser.exe

Publisher:

http://www.PDFEraser.net (signed by Xi’an Zhihengyinwu Co., Ltd)

Product:

PDF Eraser

Description:

PDF Eraser Setup

Version:

1.0.3

MD5:

7d89a9f026d546541922b4d858264a3b

SHA-1:

575ba714bf14fdd5f701b863578f313e7bbac0b3

SHA-256:

13764ae98a7749f542335a221c2879dbb58628ee52cbc6b8cb05e16fbf3ee170

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 4:22:41 PM UTC (today)

File size:

27.8 MB (29,131,416 bytes)

Product version:

1.0.3

http://www.PDFEraser.net

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pdferaser.exe

Digital Signature

Signed by:

Xi’an Zhihengyinwu Co., Ltd

Authority:

Thawte, Inc.

Valid from:

9/30/2012 5:00:00 PM

Valid to:

10/1/2014 4:59:59 PM

Subject:

CN="Xi’an Zhihengyinwu Co., Ltd", O="Xi’an Zhihengyinwu Co., Ltd", L=Xi’an, S=shaanxi, C=CN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7A32A2B6AAE468F04DDA0C777E497BD2

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

786432:Sp8ieX4aH82jihklV6TdZCvg0h/ZlC3vh+:JB4aHhlVuCvhlC3Z+

Entry address:

0x9B60

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 66, 95, FF, FF, E8, 6D, A7, FF, FF, E8, 98, C9, FF, FF, E8, DF, C9, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 17, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, E0, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C8, CF, FF, FF, 8B, 55, F0, B8, F0, CD, 40, 00, E8, 17, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, F0, CD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.9989

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file pdferaser.exe has been seen being distributed by the following 16 URLs.

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1471939982&Signature=VkUiA99TYDn8kTMfjbSkwhpkKxK6bxXxrsswhZATDUtdfMAo~2fuRiQhLQ13GhUwrl2-Cga8rBiTav8SSxPY04UjnJazcpL~3lD6R8S0SY~8rBi77Lt9iXZXI-vlfQv5EYypCXhaqndjcdLNBCAtK2DkfBvHd9p0mTmpLff8dG8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1478248719&Signature=gAur38zpYWQOaHKa3M3DGA9bCuNy9dn2EPI3NfUj-7DO4jktD7-xfwd7H7kpMdtrh5o4ESTldfUgKaW6hHdAMiQwmCgysKwLJ4pTMOEteEp1Doi7UQ4AQ4CpWMDUHqISaJWaTL30QHGaM6IGB2a~7smTs1i4fHOJ06CxgbHeHdA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_es&type=PROGRAM&Expires=1480646667&Signature=EfCAvPbF9uGXaCDI8lGBgZlE9hiceayLPXKf6pqybCjEt6WWFUDy2DYUSaV-0dY5CtcD4g9LS4iwiM~zjU0TNyDFJwjyZvOJK~AYoDmDyEXQpwFrPcesE8GQEIYjGQNhyalEgxAqdeQBQRSaQAg7aHyHgffgurmNxw2Y4lv8f3c_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1476954481&Signature=iYBfGhBYzKfstnxiJYbs1fCPT8dWPA2958dxLxl1LQWHjLbCd-2lTiA0cFwBnPGQnXyU6Bs2JCWWMbcl7jJ1CYvGegVlH5twpKtPf6O0QtUDlz5AwnA7QWHzbx8Sg-jfgsm2wTAZAXkl10~to1afglRdXngSIA50-iWbGqgQuIM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1446964170&Signature=BN48OtG~bqv9ZPMgceXlN~mzTNZ33nfxFfADVV6kZMZD1nuffItFDbXJM8CFliCUfU6ujHjcQWLSyU-tzZIn4MbTe~qeWqZZDcXOLATVWt7cLcdRgNxrkwR2bl~rraXDowSYhssFfQ6Y7INzu071j1AWz4LJoQw1myueLfPt7xY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1480983168&Signature=TXiy8psPisBDZllveMkxx6lJW1S4kiCfND3ZdQBx5Zq9dPuBzCsbzCQb4TGU~zZLkgy1AWLydajbMt1U-rCVdX2uEv-fI3nRpMF8XcaBEejmT3rH7I7x7fKCT92P~3i6zGxA4j6HFHxiy~KULHS-TQjl-aP5J7F1eLTIyFr55Fo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1476569425&Signature=DvnAxnvUOWb9rCHj~cvFcG8V4OJ75bjDv-kMaVIGizCevnfhgtRuPX~kr6qsfOaUgfKaSDkMx2VIQJdTHk9RmWvyJqcCG5GDs9SYCJJHyw3dGsgeSymjjFWLrTLMQn~J0GWHfm-kuCby5Xg0PWoxaiNlV--yPUq0FsGAoyA8XvA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1477547118&Signature=DXoOLp8qCjWdLSQ2XM4hrN6n1fd9epJwCHxUxCNECrmAEr-ppoQcNfFSi0ejWe~WtALYNK75e~-gx~bB5gnOIAiJCDmWC1WgvnqEG7bSMR9nUNjxWHpO0~v6gBcCBO6N-zhhbeSlEX9D-J1vY21wzYf0uQ60h2NHibiQpHNvtb8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1432698877&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=DGcQhT2Ce1i9m2bUTXEqMRyt0FDxb2B8R7evZ2tFyoQekF2PfQJaVViZcEkVHepHSiAB3jTtBZsDnY-1bMf43oztyDPsYyN9nk6hPnbvaVr8xgISe3urfQrjEppqExtWvbNWBiMTVEU99eStXuD-rVymP2kDo8jYyRfPQ0~2qHQ_&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1466358919&Signature=UFZ5ad8IL77S8~t3Xxf~CdQxB2TbEtN9bH-oBQjp-hkaWmQiydGdRELE0x4dF1SyUxZvknGdhi4J5FkqFepmyN7GgkfQElhRXSwiuYlKLtMKxzUZZqq1T3QtM4jGgVpKt4vd4MbAD2WpEMqsbUXPy2xBOYnzZzlmHwWMZ~8C5AU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_es&type=PROGRAM&Expires=1447218884&Signature=WrVYppqwjclK5-kqtCw7b7K0K7I2PeECrd7YSrVdoAJf7nB5wx0M-5Azlq5TxyLO2ASZyTspMNIHBpNbSwrN-QQpI8VudrgGboSK6Lkx75089c0HTZCAFCc2b-lvfNwOjfa5efjUYeXjJIoguLLdn6nL5MjhOmYawMsaNXpYMeQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1462900857&Signature=AuH9rzs~TvoGd~qXbTrQJE7vKhJg0rrHIiAqP5JJ-mPLUnhkDYsdmDc5A3g04BUn7PvK1RYyibWPmkYd-S5KRCvtL~OoMHchBZVOpW7lIXPnY0tVAu5covgnZ~sTtdbyZ5lzXCtH-CU9R1lNVlS9XqeIzfxLEh1p26~-xTGhKFk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_es&type=PROGRAM&Expires=1465990461&Signature=ClKH~nyNCuOhROLr3BssVjimf6BHtGe0U4Ruavf6V27Mg-xx6pssagSkc3iZtdSGpFwqPM6tTJ286OBul5DJm-xMO9LBNLffKSJsiqYYVZ3iS0Yrx1L~XE3cv5pU0njADx6De2SC8-QjnB~BC-arJBdnoYDv3rB15q3bDoG1EZI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_en&type=PROGRAM&Expires=1432250673&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=BJf8H-dG2hL-CqMAZ6qmirIye7KyuJT6rfk5X5qoe7uP0tMGdDv-~PFj4AIh02aI39RCMcZSXo6~f-4C3ku283QAW3nMQGEAW4PdydfzgwHgMKA5vqsgYxQG~vRm4o4qwvQnOHD~Lee~z2RE30j6X4iHtTNoJZa~ya0KJFQCAJo_&filename=pdferaser.exe

http://www.pdferaser.net/.../pdferaser.exe

http://gsf-cf.softonic.com/575/ba7/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69682012&instance=softonic_es&type=PROGRAM&Expires=1437791084&Signature=fmpPTP7lAGkSNDO0~2Rbkw4PbnCplwphgPcPD2GDRZEQnHbzE4KYbv9S4wHqBCY0Lz8Ut1TQHmqyMVP455Zu0ev-YeFXJxc55BsmpHnKiPac-nHCB1jgxbYeSSWxf0nZF3Gy0nLGVmGhkKlHgFWyfjzoVHldRgn6cLypHu91BiU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pdferaser.exe

Scan pdferaser.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.