pdfunlocker_setup.exe

Fep

Hot

The application pdfunlocker_setup.exe, “Fep Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions.
Publisher:
Hot

Product:
Fep

Description:
Fep Setup

Version:
2.0.2.7

MD5:
fae6b9e7db8cc17531e7bf3b8c7308f0

SHA-1:
7770f00e5d2b6d7e29129d9857d3811d5c3de74b

SHA-256:
1e9fd0700b0050f5a5f482fc6314dba8dfab904af9109352d8498b4fc793adc2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
5/8/2024 7:34:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.RE11 (M)

Engine version:
16.3.9.1

File size:
1 MB (1,096,886 bytes)

Product version:
3.2

Copyright:
web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pdfunlocker_setup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:plqDXK2qW8Rqx1yviG7o9EVttoyNbvpVER5AAebt5AYzo:pUbH+k1aiP9EVPBv4ALXAYs

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pdfunlocker_setup.exe has been seen being distributed by the following 5 URLs.

