SHA256: 13892c8de9a13966b81a1fca281654fc125f933ab650eaf9d642d4bcb6cdd484
File name: PDFill_PDF_Tools_FREE.exe
Detection ratio: 1 / 57
Analysis date: 2016-04-02 23:22:09 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Zillya Trojan.Kryptik.Win32.813287 20160402
Ad-Aware 20160403
AegisLab 20160402
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160402
Arcabit 20160402
Avast 20160402
AVG 20160402
Avira (no cloud) 20160402
AVware 20160402
Baidu 20160402
Baidu-International 20160402
BitDefender 20160402
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160402
DrWeb 20160402
Emsisoft 20160402
ESET-NOD32 20160402
F-Prot 20160402
F-Secure 20160402
Fortinet 20160402
GData 20160402
Ikarus 20160402
Jiangmin 20160402
K7AntiVirus 20160402
K7GW 20160402
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160402
McAfee 20160402
McAfee-GW-Edition 20160402
Microsoft 20160402
eScan 20160402
NANO-Antivirus 20160402
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160402
Sophos AV 20160402
SUPERAntiSpyware 20160402
Symantec 20160331
Tencent 20160403
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160402
TrendMicro-HouseCall 20160402
VBA32 20160401
VIPRE 20160402
ViRobot 20160402
Yandex 20160316
Zoner 20160402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) PlotSoft LLC
Product PDFill FREE PDF Tools
Original name PDFill_PDF_Tools_FREE.exe
Internal name PDFill_PDF_Tools_FREE
File version 12.0
Description FREE PDF Tools to Merge, Split, Encrypt, Rotate, Crop, Header, Watermark ...
Signature verification Signed file, verified signature
Signing date 10:00 PM 9/19/2015
Signers
[+] PlotSoft LLC
Status This certificate or one of the certificates in the certificate chain is not time valid., Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 2/10/2014
Valid to 12:59 AM 2/10/2017
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 7E5ADC6A2BEACB8EEB5394A432D6532B928B86AB
Serial number 33 8D 5E D9 70 CA 2B 60 F7 5A B9 27 D4 F1 E5 68
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 5/5/2015
Valid to 12:59 AM 1/1/2016
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint DF946A5E503015777FD22F46B5624ECD27BEE376
Serial number 00 9F EA C8 11 B0 F1 62 47 A5 FC 20 D8 05 23 AC E6
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT appended, 7Z, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-03 08:11:31
Entry Point 0x000245CF
Number of sections 4
PE sections
Overlays
MD5 daf7ca5dd65a1f719850467e4e23f0c5
File type application/x-ms-dos-executable
Offset 226816
Size 9477192
Entropy 8.00
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenServiceA
OpenProcessToken
RegSetValueExA
QueryServiceStatus
RegQueryValueExA
LockServiceDatabase
GetUserNameA
StartServiceA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
RegEnumKeyExA
UnlockServiceDatabase
RegQueryInfoKeyA
OpenSCManagerA
CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
GetObjectA
GetDeviceCaps
GetWindowExtEx
SetMapMode
DeleteDC
SetBkMode
SelectObject
GetStockObject
CreateFontIndirectA
GetMapMode
GetViewportExtEx
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetFileAttributesA
SetEvent
GetDriveTypeA
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
FindResourceExA
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
SetFileAttributesA
FreeLibrary
MoveFileA
ConnectNamedPipe
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
OutputDebugStringA
GetSystemTime
InitializeCriticalSection
GetUserDefaultLangID
CopyFileA
HeapAlloc
GetVersionExA
RemoveDirectoryA
LoadLibraryExA
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateThread
GetExitCodeThread
MulDiv
GetSystemDirectoryA
TerminateProcess
GlobalAlloc
SearchPathA
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
lstrcmpA
FindFirstFileA
lstrcpyA
ResetEvent
GetTempFileNameA
FindNextFileA
GlobalMemoryStatus
GlobalLock
CreateEventA
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
IsDBCSLeadByte
VirtualQuery
CreateNamedPipeA
GetModuleFileNameA
GetShortPathNameA
SizeofResource
GetCurrentProcessId
LockResource
lstrlenW
HeapSize
GetCommandLineA
GetSystemDefaultLangID
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetDiskFreeSpaceA
CreateProcessA
Sleep
FindResourceA
VirtualAlloc
VarUI4FromStr
OleLoadPicture
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
RedrawWindow
GetForegroundWindow
GetParent
EmptyClipboard
SetPropA
EndDialog
LoadMenuA
CharNextA
KillTimer
GetDlgCtrlID
DestroyMenu
ShowWindow
DefWindowProcA
FindWindowA
GetPropA
MapWindowPoints
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowRect
DispatchMessageA
EnableWindow
UnregisterClassA
PostMessageA
LoadImageA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
GetDC
ReleaseDC
SystemParametersInfoA
RemovePropA
SetWindowTextA
GetWindowLongA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
SetTimer
LoadIconA
TrackPopupMenu
GetActiveWindow
LoadStringA
OpenClipboard
CopyRect
GetDesktopWindow
CallWindowProcA
GetSystemMenu
MsgWaitForMultipleObjects
SetForegroundWindow
ModifyMenuA
ExitWindowsEx
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 12
RT_DIALOG 10
RT_STRING 8
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription FREE PDF Tools to Merge, Split, Encrypt, Rotate, Crop, Header, Watermark ...
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 75264
EntryPoint 0x245cf
OriginalFileName PDFill_PDF_Tools_FREE.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) PlotSoft LLC
FileVersion 12.0
TimeStamp 2010:05:03 09:11:31+01:00
FileType Win32 EXE
PEType PE32
InternalName PDFill_PDF_Tools_FREE
ProductVersion 12.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PlotSoft LLC
CodeSize 150528
ProductName PDFill FREE PDF Tools
ProductVersionNumber 12.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 fa15b7da39be3b72cce8f8c7a837d3e2
SHA1 c53aaaad29fbabba8bf36ecddd9e9aac81e33f9f
SHA256 13892c8de9a13966b81a1fca281654fc125f933ab650eaf9d642d4bcb6cdd484
ssdeep 196608:F3rxx8uLY7N9zsI19rVdkGkUinZx2O2JYCFVd7rEn2z48:F31quLY70I1Nn7J0253FVd7rEn2z
authentihash 8c0eb74d78cb9479b673a51fa84aa193c60ebabce91b3a788d254cc06fe677ee
imphash 0293778bc9a64bfd8aaca4cd46a22fe6
File size 9.3 MB ( 9704008 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags revoked-cert peexe signed overlay
VirusTotal metadata
First submission 2015-09-21 14:58:53 UTC ( 3 years, 6 months ago )
Last submission 2018-09-01 03:50:57 UTC ( 6 months, 3 weeks ago )
File names 42_30#T21#25899
PDFill_PDF_Tools_FREE.exe.infected
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE (2016_07_31 05_13_36 UTC).exe
735497
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_20150924.exe
PDFill_PDF_Tools_FREE
13892C8DE9A13966B81A1FCA281654FC125F933AB650EAF9D642D4BCB6CDD484
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE - Copy.exe
filename
pdfill_pdf_tools_free.exe
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE (1).exe
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE.exe
PDFill_PDF_Tools_FREE.exe
PDF Tools.exe
PDFill_PDF_Tools_FREE(1).exe
PDFill PDF Tools.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs