soda_pdf_3d_reader_installer.exe

Soda PDF 3D Reader Installer

LULU SOFTWARE LIMITED

This is a setup and installation application. It is also the uninstaller utility registered in the Windows Control Panel for the program Soda PDF 3D Reader by LULU Software Limited. The file has been seen being downloaded from download3d.sodapdf.com and multiple other hosts.
Publisher:
LULU SOFTWARE LIMITED  (signed and verified)

Product:
Soda PDF 3D Reader Installer

Version:
7.2.3.22591

MD5:
1cb5a492df749ab1979fb8f1fc145658

SHA-1:
a97d0f5a7db432f6980dd326e5719937baabc612

SHA-256:
d6703bf3bbb2071a564bf03109652f7bad2c8ed1449040bd66c68765afce9d88

Scanner detections:
19 / 68

Status:
Clean  (19 possible false positive detections)

Analysis date:
4/30/2024 5:28:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.12426514 | 462 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | W32/Neshta.a | 7.11.30.172 |
| avast! | Win32:Malware-gen | 2014.9-151030 |
| AVG | Worm/Delf | 2016.0.2940 |
| Bitdefender | Trojan.Generic.12426514 | 1.0.20.1515 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Program.Unwanted.919 | 9.0.1.0303 |
| Emsisoft Anti-Malware | Trojan.Generic.12426514 | 8.15.10.30.08 |
| ESET NOD32 | Win32/InstallIQ (variant) | 9.10967 |
| Fortinet FortiGate | Riskware/InstallIQ | 10/30/2015 |
| F-Prot | W32/HLLP.41472 | v6.4.6.5.141 |
| F-Secure | Trojan.Generic.12426514 | 11.2015-30-10_6 |
| G Data | Trojan.Generic.12426514 | 15.10.24 |
| McAfee | Artemis!75ED88F1C57F | 5600.6596 |
| MicroWorld eScan | Trojan.Generic.12426514 | 16.0.0.909 |
| nProtect | Trojan.Generic.12426514 | 15.01.05.01 |
| Trend Micro House Call | Suspicious_GEN.F47V1218 | 7.2.303 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36400 |

File size:
5.7 MB (6,003,800 bytes)

Product version:
7.2.3.22591

Copyright:
© "LULU Software Limited" 2010-2015. All rights reserved.

Original file name:
PDF Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\soda pdf 3d reader\installation\soda_pdf_3d_reader_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/20/2014 3:00:00 AM

Valid to:
1/19/2017 1:59:59 AM

Subject:
CN=LULU SOFTWARE LIMITED, O=LULU SOFTWARE LIMITED, L=Ta'Xbiex, S=XBX, C=MT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0768200E7F5A53461703AE577D989C30

File PE Metadata
Compilation timestamp:
3/24/2015 5:54:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Y0IB0N17mum19KQX6NWCj78tqbsSL2zZ5liEyy2g+tEhXw8cGfLDJQBzDUc:nISjmumrxGWNtq4SoZ8N0Dqzwc

Entry address:
0xAC7590

Entry point:
60, BE, 00, A0, 91, 00, 8D, BE, 00, 70, AE, FF, C7, 87, 30, AE, 51, 00, E1, D6, 36, 0C, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
5.7 MB (5,955,584 bytes)

Program Uninstaller
Program name:
Soda PDF 3D Reader

Display publisher:
LULU Software Limited

Display version:
7.2.3.22591

Uninstall string:
C:\ProgramData\Soda PDF 3D Reader\Installation\Soda_PDF_3D_Reader_Installer.exe /uninstall


The file soda_pdf_3d_reader_installer.exe has been seen being distributed by the following 2 URLs.
