pdflite-200.exe

Golef

ConnectorPrompt (Alpha Criteria Ltd.)

The application pdflite-200.exe, “Golef Setup” by ConnectorPrompt (Alpha Criteria), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.packagerepositorypackage.com and multiple other hosts.

Publisher:
ConnectorPrompt (Alpha Criteria Ltd.) (signed and verified)

Product:
Golef

Description:
Golef Setup

MD5:
6d8122ad063a32cd86f072fb3fb74298

SHA-1:
d3ddf08d5e2aadc0ddd8e69acce12a31c227686d

SHA-256:
d95e97ab0351bdb575b8df0ab819b6a969a1f0857a3ee461670729d64dcc4a23

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/28/2024 1:27:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.9.5.22

File size:
946.3 KB (968,992 bytes)

Product version:
3.1.9

Copyright:
Program Web

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 12:14:48 PM

Valid to:
9/2/2016 11:24:46 AM

Subject:
CN=ConnectorPrompt (Alpha Criteria Ltd.), O=ConnectorPrompt (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217E0EDD2E1DDD472DD3F530839DDFB6DF

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UiGtw6r+nQQCSDHBphyg8CC+RYOV+Q/bxQhPXaRUy7tmq3qFWyTgcRl7q3C8pJt6:UiMwe+n5wrX+RlV+SRUWbsWpml7uW1

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file pdflite-200.exe has been seen being distributed by the following 11 URLs.

