home

pdfreadersetup.exe

ADLSoft

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application pdfreadersetup.exe by ADLSoft has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
ADLSoft  (signed and verified)

MD5:
897df1197dc30611ad8c0473bded0849

SHA-1:
d5d55ae8ee7a938b829e608a9da38312172c25b4

SHA-256:
47daf1f493120d81e6902a3694f20c20e4667d34d1d3d91bcda744924ae4a615

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download and install manager which may bundle various potentially unwanted software offers during setup.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 4:12:24 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/InstallCore.A.564
7.11.157.140

AVG
MalSign.InstallC
2015.0.3280

Dr.Web
Trojan.Packed.24524
9.0.1.05190

ESET NOD32
Win32/InstallCore.JP potentially unwanted application
7.0.302.0

K7 AntiVirus
Adware
13.183.13333

Malwarebytes
PUP.Optional.Adlsoft
v2014.11.24.03

McAfee
CryptInno
5600.6936

NANO AntiVirus
Riskware.Win32.InstallCore.ddoubp
0.28.2.61519

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.ADLSoft.O
14.11.24.15

Sophos
Install Core Click run software
4.98

VIPRE Antivirus
InstallCore.b
28872

Zillya! Antivirus
Trojan.Badur.Win32.4817
2.0.0.1917

File size:
778.3 KB (796,952 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\pdfreadersetup.exe

Digital Signature
Signed by:
ADLSoft

Authority:
Thawte, Inc.

Valid from:
6/21/2012 3:00:00 AM

Valid to:
7/26/2014 2:59:59 AM

Subject:
CN=ADLSoft, O=ADLSoft, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C7950C7BFF384C5ABB93DD694E588E8

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:vjvy5VQW70njOywv43BWtozZpJbn+i/hCqKG92:v7AuW0jOBv43FzZpJZpCq592

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

Remove pdfreadersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.