PDFSuite20.exe PUP dd!c File Malware Analysis: 0d6c5a7e6278b95959ba1477c5a06768

PDFSuite20.exe PUP dd!c Analysis

Technical Analysis

File Name PDFSuite20.exe
Scanner Version 1.0.136.174
Database Version 2023-09-09 03:55:42 UTC

PUP.Avanquest.dd!c

Malware family: Avanquest

Avanquest develops system utilities and software tools for computer performance and security. Some products are classified as potentially unwanted programs due to marketing practices and potential system performance impacts.
Detection Rate N/A
File Size (bytes) 14,997,504
Analysis Date 2023-09-09

File Identification

Hash Type Value
MD5 0d6c5a7e6278b95959ba1477c5a06768
SHA1 7d113c5f6bf22c15e17530008581211e8d87d70d
SHA256 48b43f9e1308ed0494e2dd787ebdd49e82df42a453db99df8e0a53f03d024f60
SHA512 073451b348308078a208751ddf7a322585b28fe6d1b053a7c674843eacaff30a26b26a000c8d0156110c95703edbe84af84955e485821ed9096c2aec25766657
ImpHash 14e5f654a2f824adb344ab4d99b3b57e

PE Analysis

Basic Information

Icon
Hash: 4f76226c273711adcad863215fd5146c
Fuzzy: b072b2f279011ad36487bb03c55aee6f
dHash: 0024d4e8f49a8480
Image Base 0x00400000
Entry Point 0x00b67212
Compilation Time 2023-07-07 13:29:24
Checksum 0x00e5ccb5 (Actual: 0x00e54474)
OS Version 5.1
PEiD Signatures No signatures detected
PDB Path E:\TemporaryBuilds\azure-installer-pool-de-1\15\s\Installer\_bin\suite\Win32\PDFSuite20.pdb
Digital Signature OK
Imports 7 libraries
msi, KERNEL32, WINSPOOL, USERENV, gdiplus, UxTheme, USP10
Exports 163 functions
Resources 141 Resources
Sections 5 Sections

Digital Signatures

Entrust Root Certification Authority - G2 Entrust, Inc. (US)
Entrust Root Certification Authority - G2 Entrust, Inc. (US)
Entrust Code Signing Root Certification Authority - CSBR1 Entrust, Inc. (US)
Entrust Extended Validation Code Signing CA - EVCS2 Avanquest Software (7270356 Canada Inc) (CA)

Version Information

FileVersion 20.0.5.2954
ProductVersion 20.0.5.2954
CompanyName Avanquest Software
FileDescription PDF Suite 20 Installer
InternalName PDFSuite20.exe
LegalCopyright © 2007-2023 Avanquest Software (7270356 Canada Inc.). All rights reserved.
OriginalFilename PDFSuite20.exe
ProductName PDF Suite 20 Installer
CommitID c692fb773bc7489556def422eb965141bc3a49a0
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 9,064,113 bytes 9,064,448 bytes 6.58 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 91C4559B2336CFBCEF8E8771289CECC3
.rdata 0x008a6000 1,808,156 bytes 1,808,384 bytes 5.28 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4D0DC4CA85B577CD16947E6E85F4B6D9
.data 0x00a60000 450,500 bytes 386,560 bytes 5.35 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 51F48EA207509E503901695286B48953
.rsrc 0x00ace000 3,184,764 bytes 3,185,152 bytes 7.06 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 39DCA009BD3C4819CAD3B5FE89E1A068
.reloc 0x00dd8000 538,832 bytes 539,136 bytes 6.56 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6A48A7E59AEB0ADD716C25301700F1D2
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 141 (3,171,310 bytes)
Resource Type Count Total Size Percentage
DLL 1 983,608 bytes 31%
DOWNLOAD 1 257 bytes 0%
REGISTRY 2 440 bytes 0%
SETTINGS 4 9,529 bytes 0.3%
TYPELIB 1 2,428 bytes 0.1%
UI-DATA 123 2,154,585 bytes 67.9%
RT_ICON 4 17,472 bytes 0.6%
RT_STRING 1 64 bytes 0%
RT_GROUP_ICON 1 62 bytes 0%
RT_VERSION 2 2,032 bytes 0.1%
RT_MANIFEST 1 833 bytes 0%

Certificate Chain Analysis

Certificate #1
Subject Entrust Root Certification Authority - G2, Entrust, Inc., US
Issuer Entrust Root Certification Authority - G2
Serial Number 1246989352

Certificate #2
Subject Entrust Code Signing Root Certification Authority - CSBR1, Entrust, Inc., US
Issuer Entrust Root Certification Authority - G2
Serial Number 104016719443392582891195013311543612543

Certificate #3
Subject Entrust Extended Validation Code Signing CA - EVCS2, Entrust, Inc., US
Issuer Entrust Code Signing Root Certification Authority - CSBR1
Serial Number 71361457201517752660581604742734624043

Certificate #4
Subject Avanquest Software (7270356 Canada Inc), Avanquest Software (7270356 Canada Inc), CA
Issuer Entrust Extended Validation Code Signing CA - EVCS2
Serial Number 86567264048968947235244180863179642758

Certificate Verification Status OK

PUP.Avanquest.dd!c Removal

Gridinsoft has the capability to identify and eliminate PUP.Avanquest.dd!c without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
