home

PDF Reader.exe

PDF Reader

Nummorum

The application PDF Reader.exe by Nummorum has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
NumSoft  (signed by Nummorum)

Product:
PDF Reader

Version:
1.0.0.0

MD5:
292ce647751026fb7f3af96f07c7beda

SHA-1:
f5287cacfd432aea4ea73ae1d55c05e7fa24e73e

SHA-256:
5d164ced16b14c4661de192f2714e6026b2aa8fcc117b3b7f9a48f4c1222d01d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
1/14/2025 11:52:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
16.9.24.0

File size:
44 KB (45,048 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
PDF Reader.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\apps\2.0\k72c3g2w.71e\lel8b3y0.vj4\pdfr..tion_8ba5c9b6596cdd63_0001.0000_780aeaa379d4b121\pdf reader.exe

Digital Signature
Signed by:
Nummorum

Authority:
COMODO CA Limited

Valid from:
9/22/2016 1:00:00 AM

Valid to:
9/23/2017 12:59:59 AM

Subject:
CN=Nummorum, O=Nummorum, STREET=Beemden 13, L=Leusden, S=Noord-Holland, PostalCode=3831 GK, C=NL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6BCE9BFBF8B324FDC559B4FD8E7EC561

File PE Metadata
Compilation timestamp:
9/22/2016 5:46:31 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:rvLxCrl8cERTDvAQXOr3Wl8cEYTDvAQXOrEAliiC:/xb1bJA8iC

Entry address:
0x7D72

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
23.5 KB (24,064 bytes)

Remove PDF Reader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.