pdfcreator_setup_download.exe

DownloadGuide

The application pdfcreator_setup_download.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from pdfcreator.pro.de.
Product:
DownloadGuide

Version:
9.9.9.9

MD5:
44cac8bcae6b754c13e14c18ffb5d66b

SHA-1:
65ae8e2e169959055ac71cdee5e2ea2f51b83ded

SHA-256:
cb7632298521bc98d0c9d25b618b19db114e6bdfdb353a558ae17e6e9a2982de

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
12/25/2024 5:51:23 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Dropper.Gen
2.1.4+

ESET NOD32
MSIL/DownloadGuide (variant)
8.9627

G Data
Win32.Application.DownloadGuide
14.4.24

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.04.02.03

File size:
588.7 KB (602,856 bytes)

Product version:
9.9.9.9

Copyright:
Copyright © 2012

Original file name:
in.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/13/2013 1:43:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:soAG1DS9uHXaDTaZt1bd89y6U2ErV2RKRNEvLqAXjd9ELMu7m:pAwS9uHXaDTm4NU2EJ2oMWAb+Muy

Entry address:
0x6ACFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
419.5 KB (429,568 bytes)

The file pdfcreator_setup_download.exe has been seen being distributed by the following URL.

Remove pdfcreator_setup_download.exe - Powered by Reason Core Security