SHA256: 4cbf6b53ec3be0c5940124281ee5de9bcfae5c3c9b8ee1565890cc917c7fb055
Detection ratio: 0 / 62
Analysis date: 2018-01-05 02:46:05 UTC (6 months, 1 week ago)
Antivirus Result Update
Ad-Aware 20171225
AegisLab 20180105
AhnLab-V3 20180104
Alibaba 20180105
ALYac 20180105
Antiy-AVL 20180103
Arcabit 20180105
Avast 20180105
Avast-Mobile 20180104
AVG 20180105
Avira (no cloud) 20180105
Baidu 20180104
BitDefender 20180105
Bkav 20180104
CAT-QuickHeal 20180104
ClamAV 20180104
CMC 20180104
Comodo 20180105
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20180104
DrWeb 20180105
eGambit 20180105
Emsisoft 20180104
Endgame 20171130
ESET-NOD32 20180105
F-Prot 20180105
F-Secure 20180104
Fortinet 20180104
GData 20180105
Sophos ML 20170914
Jiangmin 20180105
K7AntiVirus 20180104
K7GW 20180104
Kaspersky 20180105
Kingsoft 20180105
Malwarebytes 20180104
MAX 20180105
McAfee 20180102
McAfee-GW-Edition 20180105
Microsoft 20180104
eScan 20180104
NANO-Antivirus 20180105
nProtect 20180105
Palo Alto Networks (Known Signatures) 20180105
Panda 20180104
Qihoo-360 20180105
Rising 20180105
SentinelOne (Static ML) 20171224
Sophos AV 20180105
SUPERAntiSpyware 20180105
Symantec 20180105
Tencent 20180105
TheHacker 20180103
TotalDefense 20180104
TrendMicro-HouseCall 20180105
Trustlook 20180105
VBA32 20180104
VIPRE 20180105
ViRobot 20180104
WhiteArmor 20171226
Yandex 20171229
Zillya 20180104
ZoneAlarm by Check Point 20180105
Zoner 20180105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) PlotSoft LLC
Product PDFill FREE PDF Writer
Original name PDFill_PDF_Writer.exe
Internal name PDFill_PDF_Writer
File version 14.0
Description Create, Edit, Save PDF; Edit PDF file without Adobe Acrobat
Signature verification Signed file, verified signature
Signing date 5:11 PM 9/9/2017
Signers
[+] PlotSoft LLC
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 2/15/2017
Valid to 12:59 AM 2/16/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3F86A68B72421AACB6D26D66734FB98283836928
Serial number 41 3B 26 37 B6 56 7E 8D CC 2E CF DF 9B 1B 3B 52
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Packers identified
F-PROT appended, 7Z, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-03 08:11:31
Entry Point 0x000245CF
Number of sections 4
PE sections
Overlays
MD5 198525d3c2f451a0579d51c281d4c59b
File type application/x-ms-dos-executable
Offset 226816
Size 19755584
Entropy 8.00
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenServiceA
OpenProcessToken
RegSetValueExA
QueryServiceStatus
RegQueryValueExA
LockServiceDatabase
GetUserNameA
StartServiceA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
RegEnumKeyExA
UnlockServiceDatabase
RegQueryInfoKeyA
OpenSCManagerA
CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
GetObjectA
GetDeviceCaps
GetWindowExtEx
SetMapMode
DeleteDC
SetBkMode
SelectObject
GetStockObject
CreateFontIndirectA
GetMapMode
GetViewportExtEx
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetFileAttributesA
SetEvent
GetDriveTypeA
HeapDestroy
DebugBreak
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
lstrcatA
FindResourceExA
GetTempPathA
WideCharToMultiByte
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
SetFileAttributesA
FreeLibrary
MoveFileA
ConnectNamedPipe
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
OutputDebugStringA
GetSystemTime
InitializeCriticalSection
GetUserDefaultLangID
CopyFileA
HeapAlloc
GetVersionExA
RemoveDirectoryA
LoadLibraryExA
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateThread
GetExitCodeThread
MulDiv
GetSystemDirectoryA
TerminateProcess
GlobalAlloc
SearchPathA
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
lstrcmpA
FindFirstFileA
lstrcpyA
ResetEvent
GetTempFileNameA
FindNextFileA
GlobalMemoryStatus
GlobalLock
CreateEventA
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
IsDBCSLeadByte
VirtualQuery
CreateNamedPipeA
GetModuleFileNameA
GetShortPathNameA
SizeofResource
GetCurrentProcessId
LockResource
lstrlenW
HeapSize
GetCommandLineA
GetSystemDefaultLangID
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetDiskFreeSpaceA
CreateProcessA
Sleep
FindResourceA
VirtualAlloc
VarUI4FromStr
OleLoadPicture
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
RedrawWindow
GetForegroundWindow
GetParent
EmptyClipboard
SetPropA
EndDialog
LoadMenuA
CharNextA
KillTimer
GetDlgCtrlID
DestroyMenu
ShowWindow
DefWindowProcA
FindWindowA
GetPropA
MapWindowPoints
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowRect
DispatchMessageA
EnableWindow
UnregisterClassA
PostMessageA
LoadImageA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
GetDC
ReleaseDC
SystemParametersInfoA
RemovePropA
SetWindowTextA
GetWindowLongA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
SetWindowPos
EnableMenuItem
ScreenToClient
InvalidateRect
GetSubMenu
SetTimer
LoadIconA
TrackPopupMenu
GetActiveWindow
LoadStringA
OpenClipboard
CopyRect
GetDesktopWindow
CallWindowProcA
GetSystemMenu
MsgWaitForMultipleObjects
SetForegroundWindow
ModifyMenuA
ExitWindowsEx
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
Number of PE resources by type
RT_ICON 12
RT_DIALOG 10
RT_STRING 8
RTF_FILE 2
RT_MENU 2
IMAGE_FILE 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 75264
EntryPoint 0x245cf
OriginalFileName PDFill_PDF_Writer.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) PlotSoft LLC
FileVersion 14.0
TimeStamp 2010:05:03 09:11:31+01:00
FileType Win32 EXE
PEType PE32
InternalName PDFill_PDF_Writer
ProductVersion 14.0
FileDescription Create, Edit, Save PDF; Edit PDF file without Adobe Acrobat
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PlotSoft LLC
CodeSize 150528
ProductName PDFill FREE PDF Writer
ProductVersionNumber 14.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 0372fb91d5c3503e484317db1b9f20a5
SHA1 001208224bcbee554ceae7bcde9aababd2ba08ea
SHA256 4cbf6b53ec3be0c5940124281ee5de9bcfae5c3c9b8ee1565890cc917c7fb055
ssdeep 393216:83l+JHy/zc+/J31fuCuMvIl/GtDPt2bMqv65WyWyGKd4ZSGXY:PS3tuiKGb23TyF4LY
authentihash 80978ba6e92609452d2a8ed6b20508d436489cf5f5c25d56519912d51b9368e2
imphash 0293778bc9a64bfd8aaca4cd46a22fe6
File size 19.1 MB ( 19982400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (79.7%)
Win32 Executable (generic) (8.6%)
OS/2 Executable (generic) (3.8%)
Generic Win/DOS Executable (3.8%)
DOS Executable Generic (3.8%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2017-09-11 13:23:05 UTC ( 10 months, 1 week ago )
Last submission 2018-05-25 19:09:06 UTC ( 1 month, 3 weeks ago )
File names 4CBF6B53EC3BE0C5940124281EE5DE9BCFAE5C3C9B8EE1565890CC917C7FB055.exe
PDFill_PDF_Writer
PDFill_PDF_Writer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
UDP communications