SHA256: 2d0072c2effd5278d0211438fa9a29cf394f01857273a53b09a629977c024b30
File name: ConversionService.exe
Detection ratio: 2 / 62
Analysis date: 2019-02-17 22:02:09 UTC ( 2 months ago )
Antivirus Result Update
Microsoft PUA:Win32/CandyOpen 20190219
Rising PUA.CandyOpen!8.F604 (CLOUD) 20190219
Acronis 20190213
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190218
AVG 20190219
Avira (no cloud) 20190218
Babable 20180918
Baidu 20190215
BitDefender 20190219
CAT-QuickHeal 20190218
ClamAV 20190218
CMC 20190218
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190219
Cyren 20190219
DrWeb 20190219
eGambit 20190219
Emsisoft 20190219
Endgame 20190215
ESET-NOD32 20190219
F-Secure 20190219
Fortinet 20190219
GData 20190219
Sophos ML 20181128
Jiangmin 20190219
K7AntiVirus 20190218
K7GW 20190218
Kaspersky 20190218
Kingsoft 20190219
Malwarebytes 20190219
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190218
eScan 20190219
NANO-Antivirus 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190218
Qihoo-360 20190219
SentinelOne (Static ML) 20190203
Sophos AV 20190219
SUPERAntiSpyware 20190213
Symantec 20190218
Symantec Mobile Insight 20190207
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190218
Trapmine 20190123
Trustlook 20190219
VBA32 20190218
ViRobot 20190218
Webroot 20190219
Yandex 20190215
ZoneAlarm by Check Point 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright © "pdfforge GbR". All rights reserved.
Product ConversionService
Original name ConversionService.exe
Internal name ConversionService.exe
File version 1.0.52.8917
Description PDF Architect Conversion Service
Signature verification Signed file, verified signature
Signing date 4:21 PM 1/9/2013
Signers
[+] Chinery & Heindoerfer GbR
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 11:00 PM 05/29/2012
Valid to 10:59 PM 05/30/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint 2014DB2DF8E9964AF9AB3805A0657247906DA935
Serial number 65 59 6C EC 84 2F 63 B3 9F 08 2A FB D5 D9 EA E1
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-09 14:29:40
Entry Point 0x0003043F
Number of sections 6
PE sections
Overlays
MD5 cdefd51487d6e4211c52061f24b46526
File type data
Offset 789504
Size 5704
Entropy 7.38
PE imports
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
DeleteService
RegQueryValueExW
GetSecurityDescriptorLength
CloseServiceHandle
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
CreateServiceW
GetTokenInformation
SetServiceStatus
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
CreateProcessAsUserW
RegDeleteValueW
RevertToSelf
RegSetValueExW
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
TlsGetValue
MoveFileW
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FormatMessageA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetWaitableTimer
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetDateFormatA
OpenProcess
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetTimeFormatA
CreateWaitableTimerA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
Process32NextW
SizeofResource
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
OpenEventW
Sleep
OpenEventA
VirtualAlloc
GetOEMCP
ResetEvent
NetUserGetInfo
NetApiBufferFree
LoadRegTypeLib
SysStringLen
UnRegisterTypeLib
RegisterTypeLib
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
LoadTypeLib
VarUI4FromStr
MessageBoxW
PostThreadMessageW
TranslateMessage
CharUpperW
LoadStringW
GetMessageW
CharNextW
DispatchMessageW
CreateEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
DestroyEnvironmentBlock
GetPrinterW
FindFirstPrinterChangeNotification
SetPrinterW
Ord(203)
FindClosePrinterChangeNotification
Ord(204)
FindNextPrinterChangeNotification
ClosePrinter
OpenPrinterW
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
CoInitializeEx
CoRegisterClassObject
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
CoAddRefServerProcess
CoUninitialize
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
OleRun
CoReleaseServerProcess
CoTaskMemFree
StringFromGUID2
PE exports
Number of PE resources by type
REGISTRY 2
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 5
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 308224
ImageVersion 0.0
ProductName ConversionService
FileVersionNumber 1.0.52.8917
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName ConversionService.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.52.8917
TimeStamp 2013:01:09 15:29:40+01:00
FileType Win32 EXE
PEType PE32
InternalName ConversionService.exe
ProductVersion 1.0.52.8917
FileDescription PDF Architect Conversion Service
OSVersion 5.1
FileOS Win32
LegalCopyright "pdfforge GbR". All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName pdfforge GbR
CodeSize 480256
FileSubtype 0
ProductVersionNumber 1.0.52.8917
EntryPoint 0x3043f
ObjectFileType Executable application

Compressed bundles
File identification
MD5 e23ff9b2f8eeab2bdda681c21c48e843
SHA1 bb5a2a5f456018a2d6428e747f522952e7c6fc5b
SHA256 2d0072c2effd5278d0211438fa9a29cf394f01857273a53b09a629977c024b30
ssdeep 12288:q5Fz+riNgrFMHNR7BxW1WrWD8bJbSpRDUKY6gswzsdg22/D5:q6hFmNR7Bx0D8tnzsdgT/9
authentihash 7f2f956e18f1b3c3d04b1628b3c3e22b8a052f47ab17d721659be6ac9057af91
imphash f1e3e7c75b9a6d68a5536bbdfb0c181c
File size 776.6 KB ( 795208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (49.0%)
Win64 Executable (generic) (31.4%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
OS/2 Executable (generic) (2.3%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2013-01-24 14:13:18 UTC ( 6 years, 2 months ago )
Last submission 2018-05-17 00:37:56 UTC ( 11 months, 1 week ago )
File names conversionservice.exe
vt-upload-_pk0w7
ConversionService.exe
file-5238964_exe
CONVERSIONSERVICE.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.