pdfsam manager.exe

Messenger

ANDREA VACONDIO

The executable pdfsam manager.exe (“Messenger service”) has been detected as malware by 4 anti-virus scanners. It runs in its own process as a Windows service named “PDFsam Manager”.

Publisher:
ANDREA VACONDIO (signed and verified)

Product:
Messenger

Description:
Messenger service

Version:
1.0.0.0

MD5:
68ae8f7458c361e9866c007424a4d71b

SHA-1:
cff5b13e88671874b1ea2dee5a0ae84e9ae2dcf1

SHA-256:
c8025229f3dd954e63da1d7e84142e70c6591d7e57a452be0b0d48968c44c8a7

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/15/2024 2:55:51 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Win32/Floxif.A | 2013.0.4477 |
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.154 |

File size:
1.1 MB (1,128,503 bytes)

Product version:
1.0.0.0

Copyright:
ANDREA VACONDIO

Original file name:
Messenger

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\andrea vacondio\pdfsam manager\pdfsam enhanced\pdfsam manager.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/13/2015 12:50:38 PM

Valid to:
10/13/2016 12:50:38 PM

Subject:
CN=ANDREA VACONDIO, O=ANDREA VACONDIO, L=Bibbiano, S=Reggio Emilia, C=IT

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
76EB5706FDB03A84

File PE Metadata
Compilation timestamp:
11/13/2015 12:48:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:HDPP2IpXItJW/kDfwp7I62R7ZVhImtMPmDY7OJ+XNFT+A7Z+L5kNrEH7pl:rPppYLqkDfOyMPmDY7wSTp7Z+Ll

Entry address:
0x58558

Entry point:
E9, 09, A9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 80, 32, 4A, 00, 8B, 4D, FC, 33, C0, 2B, 05, F8, 54, 4C, 00, 1B, 0D, FC, 54, 4C, 00, 33, F6, 03, 45, F8, 56, 68, 10, 27, 00, 00, 13, CE, 51, 50, E8, 87, BC, FF, FF, 5E, C9, C3, 8B, FF, 55, 8B, EC, 51, 51, 56, 8D, 45, F8, 50, FF, 15, 80, 32, 4A, 00, 8B, 4D, FC, 33, F6, 33, C0, 03, 45, F8, 13, CE, A3, F8, 54, 4C, 00, 89, 0D, FC, 54, 4C, 00, 33, C0, 5E, C9, C3, E8, F6, 32, 00, 00, 8B, C8, 8B, 41, 14, 69, C0, FD, 43...
 

Entropy:
6.4114

Packer / compiler:
Xtreme-Protector v1.05

Code size:
646.5 KB (662,016 bytes)

Service
Display name:
PDFsam Manager

Type:
Win32OwnProcess

Depends on:
RPCSS

