home

pdfreadersetup.exe

PDF Reader for Windows 10

PDFLogic Corporation

The executable pdfreadersetup.exe, “PDF Reader for Windows 10 Setup ” has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from pdf-reader-for-windows-10.en.softonic.com.
Publisher:
PDFLogic Corporation

Product:
PDF Reader for Windows 10

Description:
PDF Reader for Windows 10 Setup

Version:
PDF Reader for Windo

MD5:
380c8cb0cb642e69b169bba34409bdd0

SHA-1:
89c317a7f060144508487e528f67b87b5c5fd4d5

SHA-256:
3ae0b53975630897ccb4c13919df3de374ef02044f82c61763d80b75cf1f7c78

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/19/2025 5:35:02 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160214-1

AVG
Win32/Sality
2015.0.4522

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
10.0.0.5366

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.gen2
4.6.5.141

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.6222.0

Norman
Win32.Sality.3
03.02.2016 10:30:35

Sophos
Virus 'Mal/Sality-D'
5.23

File size:
3.6 MB (3,807,460 bytes)

Product version:
PDF Reader for Windo

Copyright:
Copyright © 2005-2015 PDFLogic Corporation

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pdfreadersetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:6anlF9M3/TLOwdAwExaNRx3jtKI7dKjSLt3MPnWm+hXUiaZuBjsIfkW48lmUPKUo:ztG3OwdJEkNR3KIRKotcTSUiausiegJ6

Entry address:
0x9C40

Entry point:
8D, 1D, 46, E0, 71, 1D, 89, DE, BD, BE, D7, 5B, DD, 05, A5, 5A, D3, 57, 0F, B7, F9, 2D, CE, AA, 06, 38, C6, C3, 82, 8A, E8, 10, EE, 51, F2, 49, 80, D4, 69, 4F, FE, C7, C7, C6, 5A, 70, 3A, 6F, E8, 00, 00, 00, 00, 8B, F9, F2, 32, D1, 18, D9, B3, 3E, 0F, B6, FA, 89, D5, 3D, 66, 03, 00, 00, 5A, 71, 02, 31, F7, 19, CF, 12, EC, 88, DF, FE, CB, 8A, CF, 85, FA, 8D, 0D, EE, BC, C4, A7, 2B, F7, 8D, 05, 4A, 6A, BC, 99, 69, D8, 0A, F5, 74, E2, 8D, 05, 7E, 27, 6A, D9, FF, CB, F7, C0, D9, B7, 0B, 99, 50, 78, 03, 80, FC...
 
[+]

Entropy:
7.9980  (probably packed)

Code size:
37 KB (37,888 bytes)

The file pdfreadersetup.exe has been seen being distributed by the following URL.

http://pdf-reader-for-windows-10.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxANmFrgIixlXHsW75KghYmvjrVRoxWOFrb9/uiVpEIjy7IQLsYC3tDmgAaZBlw/CZZS3Wo9tkhMKIp5j7pFbvMWIIafbA55aNd8UKY/Rw/gk6nE/.../I cRe0Oi4Ab0Wbwk=

Remove pdfreadersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.