» settings.dll
Overview
Analysis
File Details

settings.dll

PDF24 Creator

Geek Software GmbH

The library settings.dll has been detected as malware by 3 anti-virus scanners.

File name:

settings.dll

Publisher:

Geek Software GmbH (signed and verified)

Product:

PDF24 Creator

Version:

3.0.0

MD5:

63e8b1ed9791c4330f0545b3977d1ff6

SHA-1:

f2c40e627bafffe9ac5bc598db24bc16cdd660e6

SHA-256:

4ae68055f97326aca54bad8f6509fc4fdc33677e5f21587600e2db3fa6875e11

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

4/25/2024 3:07:52 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Win32/Floxif.A

2013.0.4477

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

File size:

194.3 KB (198,991 bytes)

Product version:

3.0.0

Geek Software GmbH

File type:

Dynamic link library (Win32 DLL)

Language:

German (Germany)

Common path:

C:\Program Files\pdf24\settings.dll

Digital Signature

Signed by:

Geek Software GmbH

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

6/30/2010 6:00:00 AM

Valid to:

9/3/2011 5:59:59 AM

Subject:

CN=Geek Software GmbH, OU=Secure Application Development, O=Geek Software GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

473BA65D18251D4C8A6106F248F2C8B5

File PE Metadata

Compilation timestamp:

4/28/2011 1:45:42 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:XIR3IbVD46BFJ/FnaPBV+UdvrEFp7hKLbA:XIR3U46BFJRaPBjvrEH7KbA

Entry address:

0x8D85

Entry point:

E9, F1, BD, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, 2F, 3D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, 7D, 0C, 00, 74, 0B, 6A, 2D, 5A, 66, 89, 11, 83, C1, 02, F7, D8, 56, 8B, F1, 33, D2, F7, 75, 08, 83, FA, 09, 76, 05, 83, C2, 57, EB, 03, 83, C2, 30, 66, 89, 11, 83, C1, 02, 85, C0, 75, E4, 66, 89, 01, 83, E9, 02, 0F, B7, 01, 66, 8B, 16, 66, 89, 11, 66, 89, 06, 83, E9, 02, 83, C6, 02, 3B, F1, 72, EA, 5E, 5D, C2, 08, 00, 8B, FF, 55, 8B, EC, 83, 7D... 
[+]

Entropy:

7.1478

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

74 KB (75,776 bytes)

Remove settings.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.