home

pdfgrabber_setup_32bit_fra.exe

NextInteractiveMedia

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application pdfgrabber_setup_32bit_fra.exe by NextInteractiveMedia has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
NextInteractiveMedia  (signed and verified)

MD5:
40bdfed1a4c62a6ec9fee00ab8a26004

SHA-1:
ec8ed1cb77e9c12b8b0246d899c76f921c128ed3

SHA-256:
8447cd86b2bf50a361ec0cd398eeb7ee5c89758a11fceec978fa856f7a10bf0d

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/18/2024 12:37:19 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
ADWARE/InstallCore.Gen7
7.11.206.64

AVG
Adware Generic5.AOQM
2014.0.4257

Comodo Security
Application.Win32.InstallCore.TBFG
20910

Dr.Web
Trojan.Packed.25266
9.0.1.05190

ESET NOD32
Win32/InstallCore.JE.gen potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/InstallCore
1/31/2015

F-Prot
W32/A-dbe1ec51
v6.4.7.1.166

G Data
Win32.Application.InstallCore.CZ
15.1.25

IKARUS anti.virus
Backdoor.Hupigon
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.193.14818

Malwarebytes
PUP.Optional.InstallCore.A
v2015.01.31.08

NANO AntiVirus
Riskware.Win32.InstallCore.dmkfmx
0.30.0.65070

Norman
Kryptik.CDMO
11.20150131

Reason Heuristics
PUP.Installer.NextInteractiveMedia
15.1.31.8

Sophos
PUA 'Install Core Click run software'
5.09

Vba32 AntiVirus
Downware.InstallCore
3.12.26.3

VIPRE Antivirus
Threat.5063361
36694

Zillya! Antivirus
Trojan.Injected.Win32.29
2.0.0.2049

File size:
598.7 KB (613,040 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pdfgrabber_setup_32bit_fra.exe

Digital Signature
Signed by:
NextInteractiveMedia

Authority:
COMODO CA Limited

Valid from:
1/13/2014 1:00:00 AM

Valid to:
1/14/2015 12:59:59 AM

Subject:
CN=NextInteractiveMedia, O=NextInteractiveMedia, STREET=12 rue d Oradour sur Glane, L=PARIS, S=IDF, PostalCode=75015, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7BE20DA80D4D2D5DC477076191A6D03A

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:WQFagg7lePHhxOnqtsqB8asBqttBD1jSaDy5cAjqy5jRC8vn+D78FOW:WQFNgoPzJpB8asYt9R92KEa8f+0

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove pdfgrabber_setup_32bit_fra.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.