soda_pdf_3d_reader_installer.exe

Soda PDF 3D Reader Installer

LULU SOFTWARE LIMITED

The application soda_pdf_3d_reader_installer.exe by LULU SOFTWARE LIMITED has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is also the uninstaller utility registered in the Windows Control Panel for the program Soda PDF 3D Reader by LULU Software Limited. The file has been observed being downloaded from download3d.sodapdf.com and multiple other hosts.
Publisher:
LULU SOFTWARE LIMITED  (signed and verified)

Product:
Soda PDF 3D Reader Installer

Version:
6.0.22.17373

MD5:
ccc44ebc12f79dc451f6099bd5d20497

SHA-1:
ed55927a4d240b73dc8bd8daf13193bf4a72b5e5

SHA-256:
e89de715882108298f77055e69b84729ecc7337949e88aeb19ad0856fcfd3a55

Scanner detections:
10 / 68

Status:
Clean  (10 possible false positive detections)

Explanation:
Uses the InstallIQ (by InstallX) software bundler, which may include offers for toolbars and other browser extensions.

Analysis date:
4/30/2024 3:51:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11647071 | 854 |
| avast! | Win32:Malware-gen | 140813-1 |
| Bitdefender | Trojan.Generic.11647071 | 1.0.20.1385 |
| Emsisoft Anti-Malware | Trojan.Generic.11647071 | 8.14.10.04.05 |
| ESET NOD32 | Win32/InstallIQ.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Trojan.Generic.11647071 | 11.2014-04-10_7 |
| G Data | Win32.Trojan.Agent.RMVQM3 | 14.8.24 |
| McAfee | Artemis!CCC44EBC12F7 | 5600.6988 |
| nProtect | Trojan.Generic.11647071 | 14.09.19.01 |
| Trend Micro House Call | Suspicious_GEN.F47V0711 | 7.2.229 |

File size:
6.2 MB (6,452,872 bytes)

Product version:
6.0.22.17373

Copyright:
© "LULU Software Limited" 2010-2013. All rights reserved.

Original file name:
PDF Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\soda pdf 3d reader\installation\soda_pdf_3d_reader_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/11/2012 1:00:00 AM

Valid to:
12/12/2014 12:59:59 AM

Subject:
CN=LULU SOFTWARE LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=LULU SOFTWARE LIMITED, L=Ta'Xbiex, S=XBX, C=MT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
24FE117F25418BBA37C999FEF144C83A

File PE Metadata
Compilation timestamp:
6/17/2014 5:30:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Wqnyr7sRD9vO6ghXNKtQO4vg/BHMORpPbx1AHo:cSg6ghXw59xMOdSo

Entry address:
0xB61090

Entry point:
60, BE, 00, 50, 94, 00, 8D, BE, 00, C0, AB, FF, C7, 87, 3C, 52, 56, 00, E8, 96, 39, EA, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Entropy:
7.7921

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
6.1 MB (6,410,240 bytes)

Program Uninstaller
Program name:
Soda PDF 3D Reader

Display publisher:
LULU Software Limited

Display version:
6.0.22.17373

Uninstall string:
C:\ProgramData\Soda PDF 3D Reader\Installation\Soda_PDF_3D_Reader_Installer.exe /uninstall


The file soda_pdf_3d_reader_installer.exe has been seen being distributed by the following 2 URLs.
