pdfconvertor_17_03-45fff34b.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application pdfconvertor_17_03-45fff34b.exe by Polyanskaya Irina has been detected as adware by 14 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
3f5c65e645804083f97a9d013c0df7a9

SHA-1:
c720b4ecf371395b19adea4c4894f75e647db1ef

SHA-256:
921f28fecb47248c066d88b0a465dc28cf984942c5d898bcad140693896dc1e3

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/25/2024 1:56:01 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.POP | 546
Avira AntiVirus | ADWARE/Vonteera.156240 | 8.3.1.6
avast! | Win32:Adware-gen [Adw] | 2014.9-150807
Baidu Antivirus | Adware.Win32.Vonteera | 4.0.3.1587
Bkav FE | W32.HfsAdware | 1.3.0.7062
Comodo Security | ApplicUnwnt | 22943
ESET NOD32 | Win32/Adware.Vonteera (variant) | 9.12053
Fortinet FortiGate | Riskware/Vonteera | 8/7/2015
IKARUS anti.virus | PUA.Vonteera | t3scan.1.9.5.0
MicroWorld eScan | Adware.Agent.POP | 16.0.0.657
Reason Heuristics | PUP.WebPick.PolyanskayaIrina (M) | 15.8.7.22
Trend Micro House Call | ADW_Vonteera | 7.2.219
Trend Micro | ADW_Vonteera | 10.465.07
VIPRE Antivirus | Trojan.Win32.Generic | 42660

File size:
2.3 MB (2,392,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pdfconvertor_17_03-45fff34b.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
3/17/2015 10:53:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:hrtJE6YxMRg1+tUtAQxxUhwc9NFp3KKGc0VEiFuYxr8rIYQM+xXnWUHKjP:TJQxMRg1+cAQxxXc9NFp3ww2uYxr8rI8

Entry address:
0xF9A4D

Entry point:
E8, C6, 88, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 15, 57, 00, 75, 02, F3, C3, E9, 4D, 89, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 4A, 85, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, E0, 1E, 57, 00, 74, 12, 8B, 0D, 98, 1C, 57, 00, 85, 48, 70, 75, 07, E8, B7, 93, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, A0, 1B, 57, 00, 74, 16, 8B, 46, 08, 8B, 0D, 98, 1C, 57, 00, 85, 48, 70, 75, 08, E8, 16, 8C, 00, 00, 89, 46, 04, 8B, 46, 08, F6...
 

Entropy:
7.0512

Code size:
1.1 MB (1,196,544 bytes)
