uninstall.exe

PDF Creator

Install Core

The application uninstall.exe, “PDF Creator Installer” by Install Core, has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the installCore download manager (the InstallCore engine), which may bundle additional software offers, including ad-supported toolbars, browser extensions and utilities. It is also typically executed from the user's temporary directory.
Publisher:
PDF Creator Techn  (signed by Install Core)

Product:
PDF Creator

Description:
PDF Creator Installer

Version:
3.1.0.0

MD5:
8bd0fe25782d50d3a2742411c68f7ef5

SHA-1:
874957f0edd219640c3eb4aabb3b871052f0596d

SHA-256:
d9d0350a41c41e5b76439fcfb6afab9db9829b770c0b47b3ba1fb1af5a00fff2

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 10:12:58 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.7352352 | 354 |
| Agnitum Outpost | Adtool.InstallCore.Gen.2 | 7.1.1 |
| Avira AntiVirus | | 7.11.127.252 |
| avast! | Win32:InstallCore-F [PUP] | 2014.9-160215 |
| Bitdefender | Trojan.Generic.7352352 | 1.0.20.230 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.InstallCore.0 | 17695 |
| Dr.Web | Adware.InstallCore.13 | 9.0.1.046 |
| Emsisoft Anti-Malware | Trojan.Generic.7352352 | 8.16.02.15.02 |
| ESET NOD32 | Win32/InstallCore (variant) | 10.9355 |
| Fortinet FortiGate | Riskware/InstallCore | 2/15/2016 |
| F-Prot | W32/InstallCore.I.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.7352352 | 11.2016-15-02_2 |
| G Data | Trojan.Generic.7352352 | 16.2.24 |
| K7 AntiVirus | Riskware | 13.175.11003 |
| Malwarebytes | Adware.InstallCore | v2016.02.15.02 |
| MicroWorld eScan | Trojan.Generic.7352352 | 17.0.0.138 |
| NANO AntiVirus | Trojan.Win32.InstallCore.vnwkg | 0.28.0.57473 |
| nProtect | Trojan/W32.Agent.485896 | 14.01.29.01 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.installCore.PDFCreatorTechn.Installer (M) | 16.2.15.14 |
| Rising Antivirus | PE:PUF.InstallCore!1.9DE1 | 23.00.65.16213 |
| Sophos | Install Core Installer | 4.97 |
| Trend Micro House Call | TROJ_AGENT_0000bf2.TOMA | 7.2.46 |
| Trend Micro | HT_INSTALLCORE_BL210318.TOMC | 10.465.15 |
| Vba32 AntiVirus | WebToolbar.InstallCore | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25950 |

File size:
474.5 KB (485,896 bytes)

Product version:
3.1.0.0

Copyright:
Copyright © InstallCore

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\uninstall.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
2/2/2011 3:00:00 AM

Valid to:
2/3/2012 2:59:59 AM

Subject:
CN=Install Core, O=Install Core, STREET=Nisim Aloni 21, L=Tel Aviv, S=Tel Aviv, PostalCode=62919, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2BCA6BFDAB7E5637BA8E7E9C6400CC75

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:DN+/Ciqt5sBAP83wQkDzpmJfkiU8OYef5HcQhMMys:EaizBc83wJzpWfki+L5LhMMys

Entry address:
0x1070C0

Entry point:
60, BE, 00, 00, 4A, 00, 8D, BE, 00, 10, F6, FF, C7, 87, 10, 87, 0B, 00, 16, 10, 1A, 43, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.8646

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
416 KB (425,984 bytes)
