× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 28de41558b3563019abb61d63d3d274d9bf66cbb5c7d426098bc47abf9df7447
File name: 83971a2b062133ee133989c211d0b147
Detection ratio: 44 / 57
Analysis date: 2016-05-24 08:45:48 UTC ( 2 years, 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.62874 20160524
AegisLab Worm.W32.Ngrbot!c 20160524
AhnLab-V3 Trojan/Win32.Upbot 20160524
ALYac Gen:Variant.Symmi.62874 20160524
Antiy-AVL Trojan/Win32.SelfDel 20160524
Arcabit Trojan.Symmi.DF59A 20160524
Avast Win32:Dorder-Y [Trj] 20160524
AVG Ransom_r.HF 20160524
Avira (no cloud) TR/Crypt.Xpack.zoyo 20160524
AVware Trojan.Win32.Generic!BT 20160524
Baidu Win32.Trojan.Kryptik.yj 20160523
Baidu-International Adware.Win32.iBryte.ETKS 20160523
BitDefender Gen:Variant.Symmi.62874 20160524
Bkav W32.PatacodQ.Trojan 20160524
CAT-QuickHeal Ransom.Tescrypt.A4 20160524
Cyren W32/Trojan.VLGA-6807 20160524
DrWeb BackDoor.Andromeda.1430 20160524
Emsisoft Gen:Variant.Symmi.62874 (B) 20160524
ESET-NOD32 a variant of Win32/Kryptik.ETKS 20160524
F-Secure Gen:Variant.Symmi.62874 20160524
Fortinet W32/Kryptik.ETKS!tr 20160524
GData Gen:Variant.Symmi.62874 20160524
Ikarus Trojan.Win32.Crypt 20160524
K7AntiVirus Trojan ( 004e24721 ) 20160524
K7GW Trojan ( 004e24721 ) 20160524
Kaspersky Worm.Win32.Ngrbot.batb 20160524
Malwarebytes Backdoor.Bot 20160524
McAfee RDN/Generic.dx 20160524
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20160523
Microsoft Worm:Win32/Dorkbot 20160524
eScan Gen:Variant.Symmi.62874 20160524
NANO-Antivirus Trojan.Win32.Andromeda.ebnbye 20160524
Panda Trj/GdSda.A 20160523
Rising Trojan.Bagsu!8.3B1-UCTrhGoQ21N (Cloud) 20160524
Sophos AV Mal/Generic-S 20160524
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160524
Symantec Trojan.Gen.2 20160524
Tencent Win32.Trojan.Inject.Auto 20160524
TrendMicro TROJ_GEN.R00YC0DDA16 20160524
VBA32 Malware-Cryptor.Limpopo 20160523
VIPRE Trojan.Win32.Generic!BT 20160524
ViRobot Trojan.Win32.Z.Zusy.329216.D[h] 20160524
Yandex Worm.Ngrbot!uOn+yQQQIaM 20160523
Zillya Worm.Ngrbot.Win32.9320 20160523
Alibaba 20160524
ClamAV 20160524
CMC 20160523
Comodo 20160524
F-Prot 20160524
Jiangmin 20160524
Kingsoft 20160524
nProtect 20160523
Qihoo-360 20160524
TheHacker 20160523
TotalDefense 20160524
TrendMicro-HouseCall 20160524
Zoner 20160524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2004-2015 Foxit Software Inc. All Rights Reserved.

Product Foxit Reader
File version 7.2.8.1124
Description Foxit Reader
Comments This installation was built with Inno
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-05 23:17:09
Entry Point 0x0000A8EB
Number of sections 4
PE sections
PE imports
ScaleViewportExtEx
SetMapMode
SetColorAdjustment
Polyline
Arc
GetOutlineTextMetricsW
GetDCPenColor
FixBrushOrgEx
ColorMatchToTarget
GetEnhMetaFilePaletteEntries
GetPixel
ColorCorrectPalette
CreateHatchBrush
ExtEscape
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
ConvertFiberToThread
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetFileSize
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetNamedPipeHandleStateW
GetThreadContext
GetProcessHeap
SetStdHandle
SetFilePointer
InitializeCriticalSection
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
TlsFree
GetFileAttributesExW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
EncodeSystemPointer
HeapCreate
VirtualFree
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
NetSetPrimaryComputerName
GetAsyncKeyState
UpdateLayeredWindow
ValidateRgn
TrackPopupMenu
VkKeyScanA
MoveWindow
WaitForInputIdle
CreateIconFromResourceEx
ChildWindowFromPoint
GetGuiResources
IsWindowEnabled
GetForegroundWindow
VkKeyScanW
ArrangeIconicWindows
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
TXT 4
RT_VERSION 1
RT_ANICURSOR 1
Number of PE resources by language
JAPANESE DEFAULT 31
ENGLISH US 5
SERBIAN ARABIC ALGERIA 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.2.8.1124

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
259072

EntryPoint
0xa8eb

MIMEType
application/octet-stream

LegalCopyright
Copyright 2004-2015 Foxit Software Inc. All Rights Reserved.

FileVersion
7.2.8.1124

TimeStamp
2016:04:06 00:17:09+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
7.2.8.1124

FileDescription
Foxit Reader

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Foxit Software Inc.

CodeSize
69120

ProductName
Foxit Reader

ProductVersionNumber
7.2.8.1124

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 83971a2b062133ee133989c211d0b147
SHA1 076ce3cee8ea68e71a0613bf3ba312808af62f90
SHA256 28de41558b3563019abb61d63d3d274d9bf66cbb5c7d426098bc47abf9df7447
ssdeep
6144:/aH8RLrhTVFPP344CiVFXgDpgk3yqZFHoWyq7iFbS9cg:ic1rV34xXDpgkzZ37i8L

authentihash 73cc6e62083e279d134c287bd86b3696fbd849d5b78841cdfc0ae0571f30a108
imphash d8d3b0ce22e25a9706a58389ffc06097
File size 321.5 KB ( 329216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-11 22:03:13 UTC ( 2 years, 8 months ago )
Last submission 2018-01-30 02:13:37 UTC ( 10 months, 3 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications