pdflite-200.exe

Kemulaf

Beta Setup (Alpha Criteria Ltd.)

The application pdflite-200.exe, “Kemulaf Setup” by Beta Setup (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.packagerepositorypackage.com and multiple other hosts.

Publisher:
Beta Setup (Alpha Criteria Ltd.)  (signed and verified)

Product:
Kemulaf

Description:
Kemulaf Setup

Version:
4.0.5.5

MD5:
9a23e98d47e5e5ec6e2a6d61d35a3345

SHA-1:
6af361effb78380f6d5742da656cb10964fbc0b8

SHA-256:
46a21d315631bcfe6e1fdef5df995011407cc9710650db2e8c05d688b735f6ce

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/27/2024 6:58:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC.Installer (M)

Engine version:
16.7.7.14

File size:
947.1 KB (969,864 bytes)

Product version:
4.0.4

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pdflite-200.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/31/2015 1:05:12 PM

Valid to:
7/27/2016 6:04:14 PM

Subject:
CN=Beta Setup (Alpha Criteria Ltd.), O=Beta Setup (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DBA9CC399DC1BEE2669DA6FF3ACD5A4E

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:bmiYVeWr1yz9xU1DVoYer+Fk6xcJ4MkdvuICc:b3CUhx8mYC+FnxbdvuIn

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9324

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file pdflite-200.exe has been seen being distributed by the following 28 URLs.

