setup-pdflite-ic-0.6.exe

IronSource Ltd

The application setup-pdflite-ic-0.6.exe by IronSource has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a setup program used to install the application. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from download.pdflite.com.
Publisher:
IronSource Ltd  (signed and verified)

MD5:
120df9e3bdae078e8f5a215951d40c0c

SHA-1:
834bd309484c42dff7335104d20361ddaa5f8a8f

SHA-256:
09cd09ccf8887d15da3649598396ccb28eb1e0642814f336cec246ce6ff6bb6d

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/16/2024 9:46:40 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.122.154 |
| avast! | Win32:InstallCore-HF [PUP] | 2014.9-140718 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14718 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.1 | 17513 |
| Dr.Web | Adware.InstallCore.58 | 9.0.1.0199 |
| ESET NOD32 | Win32/InstallCore.BP (variant) | 8.9190 |
| Fortinet FortiGate | Riskware/InstallCore.AAAA | 7/18/2014 |
| McAfee | RDN/Generic PUP.x!bfx | 5600.7066 |
| Norman | InstallCore.BD | 11.20140718 |
| Reason Heuristics | PUP.Installer.IronSource.T | 14.8.7.20 |
| Rising Antivirus | PE:AdWare.Win32.InstallCore.i!1075350952 | 23.00.65.14716 |
| Total Defense | Win32/InstallCore!Adware | 37.0.10498 |
| Trend Micro House Call | TROJ_SPNR.02G813 | 7.2.199 |
| Trend Micro | TROJ_SPNR.02G813 | 10.465.18 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Sinba.A | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24844 |

File size:
499.9 KB (511,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup-pdflite-ic-0.6.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/8/2011 12:00:00 AM

Valid to:
11/7/2012 11:59:59 PM

Subject:
CN=IronSource Ltd, O=IronSource Ltd, STREET=Namal 36 suit 1, L=Tel Aviv-Yafo, S=IL, PostalCode=68033, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008E236034501AEA96AE96F0B0FD227271

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:zqNHJk/cJqIVThxCjKdaXTouD0q3Tlzpm8GjAgTdLGB:zqNHJhIIVTh0jOXU0KNpZGjAgBGB

Entry address:
0x106AD0

Entry point:
60, BE, 00, 00, 49, 00, 8D, BE, 00, 10, F7, FF, C7, 87, 10, D7, 0C, 00, 52, 82, BE, 2C, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.9069

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
476 KB (487,424 bytes)

The file setup-pdflite-ic-0.6.exe has been seen being distributed by the following URL.
