SHA256: 90e1f14502520c6cc244119e0b8952bc826f379c550c5c6bd6a700b9006d47cb
File name: Expert.PDF.Reader.9.0.180.exe
Detection ratio: 0 / 68
Analysis date: 2018-11-26 06:45:05 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20181126
AegisLab 20181126
AhnLab-V3 20181126
Alibaba 20180921
Antiy-AVL 20181126
Arcabit 20181126
Avast 20181126
Avast-Mobile 20181125
AVG 20181126
Avira (no cloud) 20181126
Babable 20180918
Baidu 20181126
BitDefender 20181126
Bkav 20181123
CAT-QuickHeal 20181125
ClamAV 20181125
CMC 20181125
Comodo 20181126
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181126
Cyren 20181126
DrWeb 20181126
eGambit 20181126
Emsisoft 20181126
Endgame 20181108
ESET-NOD32 20181126
F-Prot 20181126
F-Secure 20181126
Fortinet 20181126
GData 20181126
Ikarus 20181125
Sophos ML 20181108
Jiangmin 20181126
K7AntiVirus 20181126
K7GW 20181126
Kaspersky 20181126
Kingsoft 20181126
Malwarebytes 20181126
MAX 20181126
McAfee 20181126
McAfee-GW-Edition 20181126
Microsoft 20181126
eScan 20181126
NANO-Antivirus 20181126
Palo Alto Networks (Known Signatures) 20181126
Panda 20181125
Qihoo-360 20181126
Rising 20181126
SentinelOne (Static ML) 20181011
Sophos AV 20181126
SUPERAntiSpyware 20181121
Symantec 20181126
Symantec Mobile Insight 20181121
TACHYON 20181126
Tencent 20181126
TheHacker 20181118
TotalDefense 20181126
Trapmine 20180918
TrendMicro 20181126
TrendMicro-HouseCall 20181126
Trustlook 20181126
VBA32 20181123
ViRobot 20181126
Webroot 20181126
Yandex 20181123
Zillya 20181123
ZoneAlarm by Check Point 20181126
Zoner 20181126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) visagesoft
Product Free eXPert PDF Reader
Original name stub.exe
Internal name stub
File version 9.0.180.0
Description
Signature verification Signed file, verified signature
Signing date 3:31 PM 7/3/2013
Signers
[+] visagesoft
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 12/06/2010
Valid to 11:59 PM 12/05/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint F7DD1AFD9733AEF4F43185777579CBBE1A02BC9A
Serial number 5D 82 B1 60 34 AA FA AD 64 F0 87 FD C3 A3 ED FF
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 05/10/2010
Valid to 11:59 PM 05/10/2015
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 08:09 AM 06/07/2005
Valid to 10:48 AM 05/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 10:48 AM 05/30/2000
Valid to 10:48 AM 05/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Packers identified
F-PROT CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-06 12:54:37
Entry Point 0x00008623
Number of sections 5
PE sections
Overlays
MD5 a324da4f4268a93ec1fb03cb76ac7aa0
File type data
Offset 121344
Size 15486744
Entropy 7.94
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
EqualSid
RegOpenKeyExA
InitCommonControlsEx
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
GetEnvironmentVariableA
LoadResource
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
RemoveDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetUnhandledExceptionFilter
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
lstrcmpA
lstrcpyA
CompareStringA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SetFocus
CharPrevA
ShowWindow
GetSystemMetrics
GetWindowRect
DispatchMessageA
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
TranslateMessage
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
CreateDialogParamA
wsprintfA
LoadCursorA
LoadIconA
CharNextA
MsgWaitForMultipleObjects
SetForegroundWindow
DestroyWindow
ExitWindowsEx
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
DeleteUrlCacheEntry
InternetCanonicalizeUrlA
URLDownloadToCacheFileA
Number of PE resources by type
RT_ICON 4
RT_STRING 3
Struct(40) 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.0.180.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 41984
EntryPoint 0x8623
OriginalFileName stub.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) visagesoft
FileVersion 9.0.180.0
TimeStamp 2013:05:06 13:54:37+01:00
FileType Win32 EXE
PEType PE32
InternalName stub
ProductVersion 9.0.180.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 78336
ProductName Free eXPert PDF Reader
ProductVersionNumber 9.0.180.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 be28576842489235ed42af141da0ec55
SHA1 a46ac7fe486f9edabe110acac4bda439d98646e2
SHA256 90e1f14502520c6cc244119e0b8952bc826f379c550c5c6bd6a700b9006d47cb
ssdeep 196608:y8kPVFeuBI189r3T2cPSWYuJTls6lE3djIAvZqd0Y+9nHbsqIRODw1Alr6oH5m4W:7Cr5R3ratbsfODwu6od8FDR/Aj0

authentihash fbea446c9a5c3e3c59fadeedd97137cb7393e65cbf364f9daccad4b84b98d8f1
imphash 7314805c6e3cb2685e17f66c88d666ec
File size 14.9 MB ( 15608088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2013-07-08 04:20:57 UTC ( 5 years, 7 months ago )
Last submission 2018-09-08 21:40:38 UTC ( 5 months, 2 weeks ago )
File names vspdfreader.exe
1002-a46ac7fe486f9edabe110acac4bda439d98646e2
1548-vspdfreader.exe
vspdfreader.exe
file-7608665_exe
vspdfreader_9.0.180.exe
vspdfreader.exe
vspdfreader.exe
805-vspdfreader.exe
vspdfreader.exe
27_42#T20#11974
stub.exe
stub
vspdfreader.exe
Expert.PDF.Reader.9.0.180.exe
vspdfreader.exe
27_42#T20#11974
90E1F14502520C6CC244119E0B8952BC826F379C550C5C6BD6A700B9006D47CB
373953
myfile
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications