home

setup-pdflite-ic-0.6.1.exe

The application setup-pdflite-ic-0.6.1.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.pdflite.com.
MD5:
736cd48a61b19aea2d867ebf5e24465e

SHA-1:
991a3310c1c036e20d3fd6070fb1fef837ce7884

SHA-256:
ab7212f8f02b30e674ce4e0800018f44adf16724d730686be60f06e831e6e2f4

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/18/2024 4:38:36 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallCore
2013.08.29

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.98.212

AVG
Adware MultiBundle.Y
2015.0.4477

Clam AntiVirus
W32.Adware.InstallCore-1
0.98/21151

Comodo Security
UnclassifiedMalware
16843

Dr.Web
Adware.InstallCore
9.0.1.0345

ESET NOD32
Win32/InstallCore.T potentially unwanted application
7.0.302.0

NANO AntiVirus
Trojan.Win32.WebToolbar.rgwpp
0.26.0.54268

Trend Micro House Call
TROJ_GEN.RC1H1DR
7.2.345

Vba32 AntiVirus
Adware.InstallCore.gen
3.12.22.3

File size:
999.5 KB (1,023,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup-pdflite-ic-0.6.1.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:b/nklxDatJDSd1qk4fLUWv199wq83auaelRL5i9eKoiwx05se:b/n6xDatJDpMco5KAiwx053

Entry address:
0xC1F73

Entry point:
55, 8B, EC, 83, C4, F0, B8, 6C, 75, 4E, 00, E8, 6F, DC, FF, FF, 92, 6F, AD, 18, D6, CC, 2D, 3C, AC, 8B, 87, 3B, C4, 92, 55, FC, 22, 0D, AF, 0A, 7A, 73, 57, 05, 00, B6, 8A, 78, E8, 0F, EB, 20, 3A, 1F, 35, FC, A0, 73, 91, D4, 6F, 8E, D6, 00, FE, 07, 04, 96, 05, 6B, B5, 5D, AE, F4, 78, 14, 84, 32, 24, F2, 70, 38, B1, 89, 58, 06, 35, 3F, 3E, 29, E0, 2C, CB, C7, 4A, 12, B3, A3, 54, 9E, 62, C1, 6A, 4A, CF, BA, FE, 78, 80, E8, 6E, A7, FD, FA, C3, E0, 5A, 9F, F6, A9, 78, 40, 9C, 31, 40, 18, 37, 7C, F1, 15, 86, B3...
 
[+]

Entropy:
6.9513

Developed / compiled with:
Microsoft Visual C++

Code size:
787 KB (805,888 bytes)

The file setup-pdflite-ic-0.6.1.exe has been seen being distributed by the following URL.

http://download.pdflite.com/setup-pdflite-ic-0.6.1.exe

Remove setup-pdflite-ic-0.6.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.