» pdfmastersetupru.exe
Overview
Analysis
File Details
Downloads (1)

pdfmastersetupru.exe

Product Installer

ITVA

The application pdfmastersetupru.exe, “ITVA Software Installer” by ITVA has been detected as adware by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.pdfmaster.ru.

File name:

Publisher:

ITVA LLC (signed by ITVA)

Product:

Product Installer

Description:

ITVA Software Installer

Version:

1.1.1.1

MD5:

9cf3516043173783d9bd690211f8a794

SHA-1:

182023c10deba2e954a024000cc8f98577599e13

SHA-256:

6784e9817b1215fd99c59b3a54c595e3e8b82b0e89af0907c4739ccbb2c550bc

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

9/22/2024 9:31:45 AM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

PUA.Itva

t3scan.1.8.6.0

NANO AntiVirus

Riskware.Win32.Downware.dlnonn

0.30.0.64448

Reason Heuristics

PUP.Installer.ITVA

15.6.5.21

Trend Micro House Call

Suspicious_GEN.F47V0105

7.2.11

File size:

19.6 MB (20,515,488 bytes)

Product version:

1.1.1.1

Trademarks:

ITVA,InstallTraffic.

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\pdfmastersetupru.exe

Digital Signature

Signed by:

ITVA

Authority:

COMODO CA Limited

Valid from:

9/26/2014 7:00:00 AM

Valid to:

9/27/2015 6:59:59 AM

Subject:

CN=ITVA, O=ITVA, STREET="27/2 Liter A Pom 6-N, prospekt Parkhomenko", L=Saint-Petersburg, S=RU, PostalCode=194356, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

303B020D4BEC85F9AC725DFC5A02D1E8

File PE Metadata

Compilation timestamp:

12/28/2014 5:41:14 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:2TZ4SUUyvRqS4jKGJJ7nch68TYrXTvh4jey47PfbJejdfvQWapEc4b7Tb:i4SVyvlpanch5YzFiE7Pdex31amT7Tb

Entry address:

0x6B520

Entry point:

60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E4, 95, 06, 00, 57, 83, C3, 04, 53, 68, 14, D5, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

124 KB (126,976 bytes)

The file pdfmastersetupru.exe has been seen being distributed by the following URL.

http://download.pdfmaster.ru/pdfmaster_setup.exe

Remove pdfmastersetupru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.