sonicpdfcreator2.0link.txt.exe

Sergey Petrov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application sonicpdfcreator2.0link.txt.exe by Sergey Petrov has been detected as adware by 27 anti-malware scanners. It is a setup program that uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
Sergey Petrov  (signed and verified)

MD5:
3ea3da69cec21bc1d21bbd8755a2fe97

SHA-1:
238377d584d7b9f485f9b101cee27f88d0a52976

SHA-256:
f9def50cf4a33f69fe5a7071d39662f649eb2436684bb5761e55f7a070700dee

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/16/2024 8:54:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.139281 | 993 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallRex | 14.05.17 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.150.60 |
| avast! | Win32:InstalleRex-BI [PUP] | 140516-1 |
| AVG | Generic_r.HY | 2014.0.3950 |
| Bitdefender | Gen:Variant.Adware.Dropper.101 | 1.0.20.685 |
| Bkav FE | W32.MultiPlugAZ.Adware | 1.3.0.4959 |
| Comodo Security | Application.Win32.Multiplug.R | 18286 |
| Dr.Web | Trojan.Crossrider.7187 | 9.0.1.0137 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.101 | 8.14.05.17.05 |
| ESET NOD32 | Win32/AdWare.MultiPlug (variant) | 8.9814 |
| F-Prot | W32/MultiPlug.C.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Dropper.101 | 11.2014-17-05_7 |
| G Data | Gen:Variant.Adware.Dropper.101 | 14.5.24 |
| IKARUS anti.virus | PUP.Downloader | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.177.12109 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Agent | 14.0.0.3851 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2014.05.17.05 |
| McAfee | PUP-FID!3EA3DA69CEC2 | 5600.7127 |
| MicroWorld eScan | Gen:Variant.Adware.Dropper.101 | 15.0.0.411 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.cvshxw | 0.28.0.59911 |
| Panda Antivirus | PUP/TSUploader | 14.05.17.05 |
| Reason Heuristics | PUP.SergeyPetrov.Y | 14.5.17.15 |
| Rising Antivirus | PE:Malware.MultiPlug!6.13CF | 23.00.65.14515 |
| Sophos | InstallRex | 4.98 |
| VIPRE Antivirus | Installerex/WebPick | 29314 |

File size:
683.9 KB (700,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sonicpdfcreator2.0link.txt.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/21/2013 1:00:00 AM

Valid to:
8/22/2014 12:59:59 AM

Subject:
CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata
Compilation timestamp:
3/4/2014 11:14:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:RhC71idjZ4plbFC1hNG8Ph6oUGM5GZ7N/enA+kUaq+tGDyjJwWph:RhC6Z4/FH2jUGM5GZYZaVGWJdh

Entry address:
0x10A4B

Entry point:
E8, CE, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 21, 42, 00, E8, AF, 20, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, 61, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
103 KB (105,472 bytes)

The file sonicpdfcreator2.0link.txt.exe has been seen being distributed by the following URL.
