SHA256: 416e1a76da9e8d64ada35fc226fe3d64ef26c69e7f3abbcfab36dcc4d9a01964
File name: PDFCompressor.exe
Detection ratio: 0 / 54
Analysis date: 2014-08-12 04:57:31 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware 20140812
AegisLab 20140812
Yandex 20140810
AhnLab-V3 20140811
AntiVir 20140811
Antiy-AVL 20140812
Avast 20140812
AVG 20140812
AVware 20140812
Baidu-International 20140811
BitDefender 20140812
Bkav 20140811
ByteHero 20140812
CAT-QuickHeal 20140812
ClamAV 20140811
CMC 20140809
Commtouch 20140812
Comodo 20140812
DrWeb 20140812
Emsisoft 20140812
ESET-NOD32 20140812
F-Prot 20140812
F-Secure 20140812
Fortinet 20140812
GData 20140812
Ikarus 20140812
Jiangmin 20140812
K7AntiVirus 20140811
K7GW 20140811
Kaspersky 20140812
Kingsoft 20140812
Malwarebytes 20140812
McAfee 20140812
McAfee-GW-Edition 20140811
Microsoft 20140812
eScan 20140812
NANO-Antivirus 20140812
Norman 20140811
nProtect 20140811
Panda 20140811
Qihoo-360 20140812
Rising 20140811
Sophos AV 20140812
SUPERAntiSpyware 20140804
Symantec 20140812
Tencent 20140812
TheHacker 20140808
TotalDefense 20140811
TrendMicro 20140812
TrendMicro-HouseCall 20140812
VBA32 20140811
VIPRE 20140812
ViRobot 20140812
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright PDF Compressor
Publisher PDFCompressor.net
Product PDF Compressor
Original name PDFCompressor.exe
Internal name PDFCompressor
File version 3.00
Description Compress Scanned PDF and reduce the PDF file size.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-12 02:34:24
Entry Point 0x00003098
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 135168
ImageVersion 3.0
ProductName PDF Compressor
FileVersionNumber 3.0.0.0
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename PDFCompressor.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.0
TimeStamp 2014:08:12 03:34:24+01:00
FileType Win32 EXE
PEType PE32
InternalName PDFCompressor
FileAccessDate 2014:08:12 05:55:04+01:00
ProductVersion 3.0
FileDescription Compress Scanned PDF and reduce the PDF file size.
OSVersion 4.0
FileCreateDate 2014:08:12 05:55:04+01:00
FileOS Win32
LegalCopyright PDF Compressor
MachineType Intel 386 or later, and compatibles
CompanyName PDFCompressor.net
CodeSize 1130496
FileSubtype 0
ProductVersionNumber 3.0.0.0
EntryPoint 0x3098
ObjectFileType Executable application

File identification
MD5 f130bba2ab46a570329d2b8ab9e5e506
SHA1 a92c603ce13412a166ccb76acb93a3029ba25bd2
SHA256 416e1a76da9e8d64ada35fc226fe3d64ef26c69e7f3abbcfab36dcc4d9a01964
ssdeep 6144:X7Yohf2zGR+ic2nkZFj/hlke5tSk/iX7X5eIsRS3TJtR+iDz+:rYo16GR+Z2aX5tSkyEIuSDJtR+k+
imphash 3d4069298f9cc5c87c14212f0da05a2c
File size 1.2 MB ( 1257472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags peexe
VirusTotal metadata
First submission 2014-08-12 04:57:31 UTC ( 3 years, 2 months ago )
Last submission 2014-08-12 04:57:31 UTC ( 3 years, 2 months ago )
File names PDFCompressor
PDFCompressor.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.