× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 602e16a37e7dd349044607eca1fc5022f63156e3e91a632ef396373967b19afd
File name: magicpdf_magicpdf_2.01_francais_206398.exe
Detection ratio: 0 / 61
Analysis date: 2017-06-28 19:49:03 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20170701
AegisLab 20170701
AhnLab-V3 20170701
Alibaba 20170701
ALYac 20170701
Antiy-AVL 20170630
Arcabit 20170701
Avast 20170701
AVG 20170701
Avira (no cloud) 20170701
AVware 20170701
Baidu 20170630
BitDefender 20170701
CAT-QuickHeal 20170701
ClamAV 20170701
CMC 20170701
Comodo 20170701
CrowdStrike Falcon (ML) 20170420
Cyren 20170701
DrWeb 20170701
Emsisoft 20170701
Endgame 20170629
ESET-NOD32 20170701
F-Prot 20170701
F-Secure 20170701
Fortinet 20170629
GData 20170701
Ikarus 20170701
Sophos ML 20170607
Jiangmin 20170701
K7AntiVirus 20170701
K7GW 20170701
Kaspersky 20170701
Kingsoft 20170701
Malwarebytes 20170701
McAfee 20170701
McAfee-GW-Edition 20170701
Microsoft 20170701
eScan 20170701
NANO-Antivirus 20170701
nProtect 20170701
Palo Alto Networks (Known Signatures) 20170701
Panda 20170701
Qihoo-360 20170701
Rising 20170701
SentinelOne (Static ML) 20170516
Sophos AV 20170701
SUPERAntiSpyware 20170701
Symantec 20170630
Symantec Mobile Insight 20170630
Tencent 20170701
TheHacker 20170628
TotalDefense 20170701
TrendMicro 20170701
TrendMicro-HouseCall 20170701
Trustlook 20170701
VBA32 20170630
VIPRE 20170701
ViRobot 20170701
Webroot 20170701
WhiteArmor 20170627
Yandex 20170630
Zillya 20170701
ZoneAlarm by Check Point 20170701
Zoner 20170701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005-2008 Magic Document Solutions Inc.

File version 2.0.1.669
Description MagicPDF Freeware Installer
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000098CC
Number of sections 8
PE sections
Overlays
MD5 7774b73cb9847cc1c170ea1dad068165
File type data
Offset 52736
Size 892320
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
2.0.1.669

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
17408

EntryPoint
0x98cc

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.0.1.669

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
MagicPDF Freeware Installer

OSVersion
1.0

FileOS
Win32

LegalCopyright
Copyright (C) 2005-2008 Magic Document Solutions Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Magic Document Solutions Inc.

CodeSize
36864

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 4de0c92350c12cfe27bcb5a176bf7afc
SHA1 feebf83c15d6145a3e0239485fa3087825887b51
SHA256 602e16a37e7dd349044607eca1fc5022f63156e3e91a632ef396373967b19afd
ssdeep
24576:EfOyMJfsg//tbL1LIKass/Wv0knuB/n+RE53NKB8RLdlLDHW:EGlJfsgXtNLIKass/Wvpn8+EdKu5dlLC

authentihash e9d6564521ddc5ac3c9561d993e3796de950e2255e12224efa4ac5d870673d72
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 922.9 KB ( 945056 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (51.2%)
Inno Setup installer (37.9%)
Win32 Executable Delphi generic (4.9%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe overlay software-collection

VirusTotal metadata
First submission 2009-02-11 00:07:23 UTC ( 8 years, 11 months ago )
Last submission 2016-02-14 12:04:24 UTC ( 1 year, 11 months ago )
File names 1439225762-MagicPDF_Setup.exe
MagicPDF 2.01_freeware.downloads.org_4de0c92350c12cfe27bcb5a176bf7afc_vt0.exe
b
magicpdf_setup.exe
magicpdf_magicpdf_2.01_francais_206398.exe
filename
file
602E16A37E7DD349044607ECA1FC5022F63156E3E91A632EF396373967B19AFD
MagicPDF_Setup.exe
file
0507.exe
MagicPDF_Setup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!