pdmaker.exe

AnvSoft Co., Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
AnvSoft Co., Ltd.  (signed and verified)

MD5:
0f3eae7a1d78f778b388356df6508356

SHA-1:
95b0cf7cdbc00145282fc0c2078cfbd3118d4daf

SHA-256:
12d7dfed759a645a5e6300e330092829e7afb8a94fa701fd3cf3b83b91dbd751

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:07:39 PM UTC  (today)

File size:
29.8 MB (31,204,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\pdmaker.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/14/2012 5:00:00 PM

Valid to:
8/14/2014 4:59:59 PM

Subject:
CN="AnvSoft Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="AnvSoft Co., Ltd.", L=Shenzhen, S=Guang Dong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
765E3E079F21928954D8BEC66D023B52

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:Qb3H6iLxR624Zskpw6Q/q9tNV/Imu/iX7776:Q7H6yxMZZdpVGIAjK7C

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file pdmaker.exe has been seen being distributed by the following 20 URLs.

http://dw.uptodown.com/dwn/_Td1e3hmG_Pq3rYZQKGqxI0uGw6naFFlM4HrKeMBPdies6F1aVt3aab2iEBZqMQR2etDst9aFJztTSKJmiE7_FUhmj2AX8AOXIjIOIi-dq9vmgDuGVNcSLjgd21zJm4m/PvMeUbWOykBMJhAl7_OScp48xv07lfGZ_UY5ZyjaS7kpqQ5EItkS3oMX5VbjLX3wR1C69yy7tIAgKx_B1rCwAM6NfnDLdJO41X80Ee7iWg5LpRL09Tt6zvgCZuSpy84l/t8z0eIUvq5wXTSQ5jDuMf5-bmhP9SLNQj8ExbOAzOIY2VEY7lFx0yP2kgRdDWqq9lEGRUWe_zAeCaFd18y9Hu-77WrAPjQFM-tGjD_OllAF-sAvPr6p9tsNxjvCf3CHl/.../

https://photo-dvd-maker.en.softonic.com/.../6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAM6VGwKff7AvGGEkAtopOYdJwJArb4LsWLsS0IZuhXpjiHKPpvJyza1pJNV48ZXV 4ZwIUbhkVEwKFjtyP5wbmt3JE1gSX 7MvW9IlGu4Fgc76LLSfH3AeBPCBQLGLUNzg=

http://dw.uptodown.com/dwn/4qPvQxjmU25VBGqdV719Mt2wYwpf2ZPBzmGMROUCGP_HQz_ljppcs1noWBukoYd01jKNSF5wtf0OMNQHxnApzcFNYw0VJo_L4qzXa1cAM-p3Czf2Q87SL9fUL9hOIxnA/Y486oXahxLPry3oHmCmnU2fql-zfwi7TO7Dj7gBLMiAJ3g4VssgxkkykLee9A2UNol9FDxKja2ZITmNsSiwFIHwdkL0xF1bkIJLw4NSINkrVzRo0FalkRYp_r5LHpC_z/fIMT0gB1jUcQCwV9AjDSa5Vd-ilpODRkZz_MD3XzpLs-jg2qQzD8JjE1img5XJRg642R9bBuW_awPZQ7zAs9wfC-J1R2AY8bNU2AbcFh7m_XvDQ4I3JrqfgQz1XM7iGd/.../

https://dw.uptodown.com/dwn/zaQs9_CZjg1KCnvlsz2VoLnuCmZi0bo6MNRle_HsPVq8v3d9vCNxXyQ2HrtjLToZ2x9gdi9Yv1JTAv6yGPGhoS3DGE6WvjhA3BotQalSkVEZzU0Ie9X9yWlcDrg5Imye/8_6ay5dFNzlnnA_PxhNgH-jozNqu9ez_VtzQkl5nddOzXrkoHi42oTc35f3pgqIEKMDY6LLG_t5-zRXmMZZbXj_APNt5wG0RGb2sVDEAvrUYxVSVusQF_I588YB8WpHY/aApKAE1_8AMMLQVS1Ugy-43At3EfOGH9rYJitkrfTSf0N2h38hqAokDLfLqK_EkrWZ_CseqRwXIQB-SRYWPGlNGt8Vfnz0-mVDRy0nqXB-qAzrNf3WmwIW19_kvKAdFy/.../

https://photo-dvd-maker.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWuuNX l7t5tJvFIrrYJ6zgyHVoTMr/.../qDR54IH1wR7qWC4B0Q=

http://software-files-a.cnet.com/s/software/13/55/66/.../pdmaker.exe

http://dw.uptodown.com/dl/1437504815/.../photo-dvd-maker-8-53-en-fr-de-jp-win.exe

http://my-photo-slide-show.software.informer.com/.../

http://dw.uptodown.com/dwn/e4YRIW6t8sQDO7oSD6udBt2FCVOmFcMHNEpdEAA6PVry9TtXpoWi89TL8M9VGqbH-tcpbZsJAGPX9UTFq12H4CKWKkNUhGa6VHfADZ2XXuxYGYja-vDeDKYWMLl-NmTl/gTn2TN2AkRVd-3A1fui-PjWKulbTiabHt9CVagiEhw0VBWFtG5X7g4_B3-w284sp5GUM2DVFKuCO0qmuZpPnbj2hXuNtBTHdVjRTc7xly_p5aKY4z7Pqd7OnaOVJASj-/wpoVEWjPJPyha9N2qGYd18BeOJi5I5Y-EujabCLX8Xjz9VoA0NUM7f5dgw8ZMS0XJvJALUTSqT0tu1HY6R_zEsPMMcTirvr7S4M_C7XRhQK7zpdM-IlxwGjXxD6HtJAk/.../

https://download.heise.de/software/0676267e4ce741904a60e85c62106060/552c338b/.../pdmaker.exe

http://dw.uptodown.com/dwn/tw6zyl9cTRIG6RSM49fZVty8EiUtGIlsCGdUAq10v5WDD1yCt56NPfobS6SMeNzjN32FXfRkAgm2cPvvGecRBlU9bjABdJZH0ZH1O8ZFIJI_7t94wRnYlOYlNFkiDTaQ/sSXCcfPd_WG7W4sph9iNrjJsD-2lQmb1dqgRVo0hPSQ-33lyKhsZpjAtK_I_Vt6UdL9UvoEXVqPdGPP8W6ayEAXpFOy3hJkj6-xwUvwH6YW05-qkxiBUpg5l2Tt4zrFr/.../

Scan pdmaker.exe - Powered by Reason Core Security