home

free pdf reader setup.exe

Fubager

Install Safer (Install Manager Limited)

The application free pdf reader setup.exe, “Fubager Setup ” by Install Safer (Install Manager Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.grabcitygift.com.
Publisher:
Install Safer (Install Manager Limited)  (signed and verified)

Product:
Fubager

Description:
Fubager Setup

Version:
5.2.5.2

MD5:
10a3bf2c711edddadc29ff2aa1d0ba42

SHA-1:
8ac100415c59afa3d8179fa0de34e878de7e7d86

SHA-256:
1b9c63e9bc170688d975c8b14b0218b0d2490d1168726b0cd3739719ff00bbbe

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/16/2024 5:27:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.Installer (M)
17.3.16.4

File size:
947 KB (969,760 bytes)

Product version:
5.5

Copyright:
Program installer

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\free pdf reader setup.exe

Digital Signature
Signed by:
Install Safer (Install Manager Limited)

Authority:
COMODO CA Limited

Valid from:
5/17/2016 5:00:00 PM

Valid to:
5/18/2017 4:59:59 PM

Subject:
CN=Install Safer (Install Manager Limited), O=Install Safer (Install Manager Limited), STREET="Level 27, 188 Quay Street", STREET=Pwc Tower, L=Auckland, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3DFEAF63B1841C27FF7F4E168B93D45D

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9348

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file free pdf reader setup.exe has been seen being distributed by the following URL.

http://www.grabcitygift.com/wbFVK9uDQvLeG5pVkG Q0ANTapPevlcb6DVR3j7rGp QbKz7uXBujoUkRTtCspJ0zJ3yLLVPYjOCTKQrP4kV2yY5bGPMvDuwtiBhNfXjZf_mf5GkSVS5mmQN VReCAfHwHjyN4oBhmnVYufFkFqEsEj9V_XAo0rAI565cB9XnyX7K7LMbS36RlwUUuz83cFswJyIBBV5_QXC3Spk5xTb8Y5dD2vzBVpsCAGil95SkciPEzL0g5YjRiCZmZn5KUe2s146_b324dPG7Z2ZjaUKRcgaI0hzPD9uu4mJC4ZJBL aoil7HkJz3agfTZWj9EXwWTTI6QplmqqvCH ONobeHIycT9KqsHWUEL0YFXWmtoVVJhQouIfLoBXunrOQqEZ_N3rflCjmK1BqCaNoa_F1tqy gLY_3IHVAhBApSYSEBEkJLzid 3_LBCmj4nPTbsI sFH_8bmwUaTHmEdMZM4gS w3GsuSN1NKac7pcpRbsPq68ynrf4QIrVHri4ylxx8SHxIfF4ebis350sbj3jgbMejVekGh6YZm0CjrLafVL7iULuzMSK2LRhzw_3jgKWeyuqhEZbfk1NsBU0qpsqs_KmQzGOJCcG9EemYU8P0dN7TOueD9pD6yUob1BCrb isx1eXk8d9OgO0 NpTgyDRsmQ5JzX9 g==-GzcAAETdFtsfHoMcnBiHmyhswIFbIk0DDoDDxti5ikHdNi8RVWxmPwWB3iaSc3kvzhB8GfgA

Remove free pdf reader setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.