SHA256: 0cbb6cf70949811d2a0b8736456ae1e7fb4b2db7c34e5c8316140d97b5bf0760
File name: somepdfcreator_setup.exe
Detection ratio: 2 / 68
Analysis date: 2017-11-29 00:50:14 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
VBA32 Trojan.Bcex 20171128
Zillya Trojan.Bcex.Win32.166 20171128
Ad-Aware 20171128
AegisLab 20171128
AhnLab-V3 20171128
Alibaba 20171128
ALYac 20171129
Antiy-AVL 20171128
Arcabit 20171128
Avast 20171128
Avast-Mobile 20171128
AVG 20171128
Avira (no cloud) 20171128
AVware 20171128
Baidu 20171127
BitDefender 20171128
Bkav 20171128
CAT-QuickHeal 20171128
ClamAV 20171128
CMC 20171126
Comodo 20171128
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171129
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171128
Endgame 20171024
ESET-NOD32 20171128
F-Prot 20171129
F-Secure 20171128
Fortinet 20171129
GData 20171129
Ikarus 20171128
Sophos ML 20170914
Jiangmin 20171129
K7AntiVirus 20171128
K7GW 20171129
Kaspersky 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
McAfee-GW-Edition 20171128
Microsoft 20171129
eScan 20171128
NANO-Antivirus 20171128
nProtect 20171128
Palo Alto Networks (Known Signatures) 20171129
Panda 20171128
Qihoo-360 20171129
Rising 20171129
SentinelOne (Static ML) 20171113
Sophos AV 20171129
SUPERAntiSpyware 20171128
Symantec 20171128
Symantec Mobile Insight 20171124
Tencent 20171129
TheHacker 20171126
TotalDefense 20171128
TrendMicro 20171128
TrendMicro-HouseCall 20171128
Trustlook 20171129
VIPRE 20171128
ViRobot 20171128
Webroot 20171129
WhiteArmor 20171104
Yandex 20171120
ZoneAlarm by Check Point 20171128
Zoner 20171128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product SomePDF Creator
File version
Description SomePDF Creator Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 e23a3ae814e859a987c00cb383984074
File type data
Offset 74752
Size 7738427
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_ICON 9
RT_STRING 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 35840
EntryPoint 0x9c40
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 2.0.0201
FileDescription SomePDF Creator Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SomePDF.com
CodeSize 37888
ProductName SomePDF Creator
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 7f1a10b863d6fe1692a48f8f1fa142c8
SHA1 f3f70c5ed205b48be69d7c634afccb05a077f2fc
SHA256 0cbb6cf70949811d2a0b8736456ae1e7fb4b2db7c34e5c8316140d97b5bf0760
ssdeep 196608:dl3VN1VHLgaHuyTaefPIn4a/RLuFYYYce4sijmnMC4X:n/1BswTSBuqxWjQ4X

authentihash 7fdb9dfb67a7d178f488b5191aae0ed2799fea4f1f0274004e8fd46e35dc8d3b
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 7.5 MB ( 7813179 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-03-29 13:38:21 UTC ( 5 years, 11 months ago )
Last submission 2017-01-04 08:07:28 UTC ( 1 year, 1 month ago )
File names somepdfcreator_setup.exe
somepdfcreator_setup.exe
Instalar.exe
somepdfcreator_setup.exe
somepdfcreator_setup.exe
315782
0cbb6cf70949811d2a0b8736456ae1e7fb4b2db7c34e5c8316140d97b5bf0760
filename
7f1a10b863d6fe1692a48f8f1fa142c8
somepdfcreator-setup.exe
somepdfcreator_setup.exe
file-4303041_
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight