» pdfcreator-2_1_0-setup.exe
Overview
Analysis
File Details
Downloads (25)

pdfcreator-2_1_0-setup.exe

PDFCreator

pdfforge GmbH

The application pdfcreator-2_1_0-setup.exe, “PDFCreator is the easy way of creating PDFs. ” by pdfforge GmbH has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from high.software.dn.naver.com and multiple other hosts.

File name:

Publisher:

pdfforge (signed by pdfforge GmbH)

Product:

PDFCreator

Description:

PDFCreator is the easy way of creating PDFs.

Version:

2.1.0.807

MD5:

680a84d7cc40c7ba0c2023e93d444324

SHA-1:

3d67ebe717d9d2aa8bc3b7d13ab44add5a4df40e

SHA-256:

b1d47a519be972bcc219b3e195c5cf20181c13b14b1d5b93eed7d6ed706ff0d3

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/23/2024 1:43:34 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.OpenCandy.39

9.0.1.079

ESET NOD32

Win32/InstallMonetizer.AQ potentially unwanted

9.11351

F-Prot

W32/OpenCandy.A2.gen

v6.4.7.1.166

McAfee

Artemis!680A84D7CC40

5600.6821

NANO AntiVirus

Riskware.Win32.Downware.dgkmsw

0.30.8.659

Reason Heuristics

PUP.InstallMonetizer.Bundle (M)

16.3.10.15

Trend Micro House Call

Suspicious_GEN.F47V0319

7.2.79

VIPRE Antivirus

Opencandy

38600

File size:

26.5 MB (27,834,848 bytes)

Product version:

2.1.0.807

ï¿½ pdfforge

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pdfcreator-2_1_0-setup.exe

Digital Signature

Signed by:

pdfforge GmbH

Authority:

thawte, Inc.

Valid from:

3/10/2015 1:00:00 AM

Valid to:

4/9/2017 1:59:59 AM

Subject:

CN=pdfforge GmbH, O=pdfforge GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

4A0B7118F7483AE9BED26C9A1C65AD91

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:Zget8CCmWo4dgnM93nKrqNXj82ITuBojVBwAt1wYa+fFNySAVasz6MFJ0952:pt5CmWo4dNETu0B9KL+fFZ4z6O+95

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file pdfcreator-2_1_0-setup.exe has been seen being distributed by the following 25 URLs.

http://high.software.dn.naver.com/f4b6ad4977ab8009690176bd4ebbf8c8/.../PDFCreator-2_1_0-setup.exe

https://www.downloadgg.com/go.php?u=aHR0cDovL29saXZlLmRvd25sb2FkLnBkZmZvcmdlLm9yZy9wZGZjcmVhdG9yLzIuMS4wL1BERkNyZWF0b3ItMl8xXzAtc2V0dXAuZXhl

http://lb.cdn.m6web.fr/d/c/a/68a59219ee3836dc702431fa9ba3d4c3/5511baf9/soft/.../pdfcreator_2-1-0-807_fr_11085.exe

http://pdf-creator.soft32.com.br/get/file/id/.../?no_download_manager=true

http://i.download.idg.pl/fannef/a8c6c0f609df4c92f93e60968d7234a3/56a7c662//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://i.download.idg.pl/fannef/6b7484be2eaafd677232380a2383d355/55faaa08//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://filehippo.com/pl/download/file/.../

http://i.download.idg.pl/fannef/4cc3dba431a017cf177149cd9db16fb2/56214993//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://www.filepuma.com/file/1429297286c8417/pdfcreator_2.1.0/.../0/

http://www.programs.pl/pobierz,599,link.html

http://i.download.idg.pl/fannef/340f8906ce5e045345fdaf10b2708fe7/564b2308//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://i.download.idg.pl/fannef/92b993c3869af2fac2f9329d0c387a5a/56708f07//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://soft.telecharger.com/PDFCreator-2_1_0-setup.exe

http://software-files-a.cnet.com/s/software/14/15/33/.../PDFCreator-2_1_0-setup.exe

http://i.download.idg.pl/fannef/a74b50ca16e4684465b0bb086f80ba79/569aad5c//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://white.download.pdfforge.org/pdfcreator/.../PDFCreator-2_1_0-setup.exe

http://orange.download.pdfforge.org/pdfcreator/.../PDFCreator-2_1_0-setup.exe

http://download.pdfforge.org/download/.../PDFCreator-stable?download&download&download

http://i.download.idg.pl/fannef/cd976771b03fd43c3a7ec0c21f34ea8d/56c44c5c//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://i.download.idg.pl/fannef/1a473177bd7f7d4037e780be1b6d9a02/56ae87b7//vol2/w95/pdf/.../PDFCreator-2_1_0-setup.exe

http://dl.cdn.chip.de/downloads/.../PDFCreator-2_1_0-setup.exe

http://www.downloadgg.com/go.php?u=aHR0cDovL29saXZlLmRvd25sb2FkLnBkZmZvcmdlLm9yZy9wZGZjcmVhdG9yLzIuMS4wL1BERkNyZWF0b3ItMl8xXzAtc2V0dXAuZXhl

http://download.pdfforge.org/download/.../PDFCreator-stable?download&download

http://olive.download.pdfforge.org/pdfcreator/.../PDFCreator-2_1_0-setup.exe

http://download.pdfforge.org/download/.../PDFCreator-stable?download

Remove pdfcreator-2_1_0-setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.