pdflionreader.exe

PDFLionReader

PDF Lion Reader

The executable pdflionreader.exe, “Setup Launcher Unicode”, has been detected as malware by 7 anti-virus scanners. It is a self-extracting archive and installer, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from i1.superstoragemy.com.

Publisher:
PDF Lion Reader

Product:
PDFLionReader

Description:
Setup Launcher Unicode

Version:
1.0

MD5:
a6b28820ce446c97bf2f6227336c702b

SHA-1:
9f73e05645e230da1d55740f842cb4e5dbdb4fb4

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/22/2024 3:30:02 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2131994 | 715
Bitdefender | Trojan.GenericKD.2131994 | 1.0.20.255
Emsisoft Anti-Malware | Trojan.GenericKD.2131994 | 8.15.02.20.05
F-Secure | Trojan.GenericKD.2131994 | 11.2015-20-02_6
G Data | Trojan.GenericKD.2131994 | 15.2.25
MicroWorld eScan | Trojan.GenericKD.2131994 | 16.0.0.153
nProtect | Trojan.GenericKD.2131994 | 15.02.12.01

File size:
2.7 MB (2,849,346 bytes)

Product version:
1.0

Copyright:
Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\pdflionreader.exe

File PE Metadata
Compilation timestamp:
4/25/2012 6:46:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:lGW+n9O5OLieju6EcTW8PEZLoO/wR2sCTVL2d5jNtydF8x/nzasnhuhKBqx:AnA5OLieju63PEZLoCsCxOSyxa08uU

Entry address:
0x6AABB

Entry point:
E8, 6E, 27, 01, 00, E9, 79, FE, FF, FF, 85, C0, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 0F, B6, 00, 0F, B6, 09, 2B, C1, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 66, 8B, 06, 66, 3B, 01, 74, 35, 0F, B6, 11, 0F, B6, C0, 2B, C2, 74, 11, 33, D2, 85, C0, 0F, 9F, C2, 8D, 54, 12, FF, 8B, C2, 85, C0, 75, 1C, 0F, B6, 46, 01, 0F, B6, 49, 01, 2B, C1, 74, 10, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 33, C0, C3, 8B, 06, 3B, 01, 74, 6F, 0F, B6, 11, 0F, B6, C0...

Entropy:
7.5931

Code size:
697 KB (713,728 bytes)

The file pdflionreader.exe has been seen being distributed by the following URL.