pdfconv_64.dll

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The module pdfconv_64.dll by Polyanskaya Irina has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
5e58511d29161b72b7d62f9526f2d066

SHA-1:
cadcc0833b50f7beffeba2fa1722d15f7af59b30

SHA-256:
6de1b9ad10a24ba679a8ee964565c1479c8e1dc4cc2f813e179e0875b967251c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 2:06:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick

Engine version:
15.3.18.1

File size:
216.6 KB (221,776 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\users\{user}\appdata\roaming\pdfie\pdfconv_64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

Registration
CLSID:
{934B156A-3D17-3981-B78A-5C138F423AD6}

ProgID:
adTech.adTech.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/9/2014 5:17:49 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:0x8b6dOro3JSY1wnCCTNvFfbg4TxJ+ZQROJcTpgp5GGW:0x8b6dOraEhCCTTEAvvipY

Entry address:
0x10884

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 77, 8C, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 38, 2C, 02, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.0564

Code size:
125 KB (128,000 bytes)
