home

pdfreadersetup.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application pdfreadersetup.exe by JumpyApps has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
JumpyApps  (signed and verified)

MD5:
bfdf2a9bd1aa1515a2b80958cefe9e7d

SHA-1:
08098abdd8752d30f0fd88bacb592a9db2490598

SHA-256:
4956d0a6cbad9381a98ed1017873e5ea3993edcd1f740d706cd66827cdef9650

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 8:48:22 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

AVG
Adware InstallCore
2016.0.2948

Dr.Web
Trojan.Packed.24814
9.0.1.0296

ESET NOD32
Win32/InstallCore.IU potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
variant of icreinstall_pdfreadersetup.exe (Adware)
2015.10.23.6

K7 AntiVirus
Trojan
13.1712358

NANO AntiVirus
Trojan.Win32.DP.cydaah
0.28.0.60253

Reason Heuristics
PUP.installCore.JumpyApps.Installer (M)
15.8.26.17

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.151021

Sophos
Install Core Click run software
4.98

VIPRE Antivirus
Threat.4786018
30086

File size:
1.3 MB (1,315,784 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\pdfreadersetup.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 7:00:00 PM

Valid to:
2/18/2014 6:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:kyS/EevNAchU+JrpbCI6BW0+s/xSjAO/mQtwZcA1RQ62uSRNDcSy7/:3wN1pbv/AO/mQiZcA12lRDcT7/

Entry address:
0xBAB4

Entry point:
55, 8B, EC, 83, C4, F4, B8, 54, BA, 40, 00, E8, 70, 96, FF, FF, 68, E0, BA, 40, 00, E8, 72, 97, FF, FF, 68, E0, BA, 40, 00, 6A, 00, E8, 3E, 97, FF, FF, E8, 8D, 75, FF, FF, 00, 64, 73, 61, 64, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
43 KB (44,032 bytes)

Remove pdfreadersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.