unipdf_7975.exe

The application unipdf_7975.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from secured.cdnawbwest.us.
MD5:
d1934dce43ae4d486c0ccee5c0a40040

SHA-1:
447dd6c974fbfb5ef9c197dd464c5962f9bbb23d

SHA-256:
f8b245a78faa5b2b22a3f77bd5d5afe74355d5028eb2c4fafa21a2d7e1a9e252

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 12:09:58 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/InstallMonetizer.Gen | 8.3.2.2
avast! | Win32:PUP-gen [PUP] | 2014.9-160609
Baidu Antivirus | PUA.Win32.InstallMonetizer | 4.0.3.1669
Dr.Web | Adware.Downware.12736 | 9.0.1.0161
ESET NOD32 | Win32/InstallMonetizer.AW potentially unwanted | 10.12476
G Data | Win32.Trojan.Agent.EZUH50 | 16.6.25
K7 AntiVirus | Adware | 13.212.17674
Kaspersky | not-a-virus:Downloader.NSIS.SilentInstall | 14.0.0.83
Malwarebytes | PUP.Optional.CheckOffer | v2016.06.09.11
McAfee | Artemis!D1934DCE43AE | 5600.6374
NANO AntiVirus | Trojan.Nsis.Downloader.djhpgw | 0.30.26.3947
Panda Antivirus | Generic Suspicious | 16.06.09.11
Qihoo 360 Security | Win32/Virus.Downloader.0ad | 1.0.0.1015
Reason Heuristics | PUP.InstallMonetizer.ET (M) | 16.6.9.11
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16607
Sophos | AppMonetizer Installer (PUA) | 4.98
SUPERAntiSpyware | Adware.InstallMonetizer/Variant | 9092
Vba32 AntiVirus | Downloader.SilentInstall | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 44866

File size:
223.3 KB (228,666 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\unipdf_7975.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:22:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:VFJ0698s0Pn7b7pJ59E6rTUadigTZyt5q2pd5A8Wwo:h9aH7pBxddZybJd5A8Y

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8387

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file unipdf_7975.exe has been seen being distributed by the following URL.
