× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b82faa551fd7f67bcc1847ec476b9ed7c99dc1b31df40a68b779a44957600681
File name: free-pdf-to-word-doc-converter_1-1_en_199814.exe
Detection ratio: 0 / 67
Analysis date: 2018-01-12 21:18:37 UTC ( 10 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20180112
AegisLab 20180112
AhnLab-V3 20180112
Alibaba 20180112
ALYac 20180112
Antiy-AVL 20180112
Arcabit 20180112
Avast 20180112
Avast-Mobile 20180112
AVG 20180112
Avira (no cloud) 20180112
AVware 20180103
Baidu 20180112
BitDefender 20180112
Bkav 20180112
CAT-QuickHeal 20180112
ClamAV 20180112
CMC 20180111
Comodo 20180112
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180112
Cyren 20180112
DrWeb 20180112
eGambit 20180112
Emsisoft 20180112
Endgame 20171130
ESET-NOD32 20180112
F-Prot 20180112
F-Secure 20180112
Fortinet 20180112
GData 20180112
Ikarus 20180112
Sophos ML 20170914
Jiangmin 20180112
K7AntiVirus 20180112
K7GW 20180112
Kaspersky 20180112
Kingsoft 20180112
Malwarebytes 20180112
MAX 20180112
McAfee 20180112
McAfee-GW-Edition 20180112
Microsoft 20180112
eScan 20180112
NANO-Antivirus 20180112
nProtect 20180112
Palo Alto Networks (Known Signatures) 20180112
Panda 20180112
Qihoo-360 20180112
Rising 20180112
SentinelOne (Static ML) 20171224
Sophos AV 20180112
SUPERAntiSpyware 20180112
Symantec 20180112
Symantec Mobile Insight 20180112
Tencent 20180112
TheHacker 20180112
TrendMicro 20180112
TrendMicro-HouseCall 20180112
Trustlook 20180112
VBA32 20180112
VIPRE 20180112
ViRobot 20180112
Webroot 20180112
WhiteArmor 20180110
Yandex 20180112
Zillya 20180112
ZoneAlarm by Check Point 20180112
Zoner 20180112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
hellopdf.com

File version 3.5.5.1
Description Free PDF to Word Doc Converter Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009A54
Number of sections 8
PE sections
Overlays
MD5 0ef783020cff0ad4ab446049d9e26c32
File type data
Offset 53248
Size 1075668
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
3.5.5.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Free PDF to Word Doc Converter Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
17408

EntryPoint
0x9a54

MIMEType
application/octet-stream

LegalCopyright
hellopdf.com

FileVersion
3.5.5.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
www.hellopdf.com

CodeSize
37376

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Compressed bundles
PCAP parents
File identification
MD5 4e8323d2cc75190444464f9ae08181fc
SHA1 d1690b610bc4b01a1d102917d41bfde621dfef90
SHA256 b82faa551fd7f67bcc1847ec476b9ed7c99dc1b31df40a68b779a44957600681
ssdeep
12288:Z2UBeLmHgdeQtKyDH1pB0QnF1vGjIR50VU4A1KBpW8Vsf8f75IJIPPmH+D+WNNyL:Z2UAmHgdeQJp+QnFKU40KeFYN+JOMM6r

authentihash 0a1df1426e4f546d0979566f62c01f99ca15376df7739fffed4000b18118d29a
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.1 MB ( 1128916 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (50.8%)
Inno Setup installer (37.6%)
Win32 Executable Delphi generic (4.8%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe via-tor overlay software-collection

VirusTotal metadata
First submission 2008-01-08 21:51:27 UTC ( 10 years, 10 months ago )
Last submission 2018-11-19 12:39:37 UTC ( 1 day, 3 hours ago )
File names PDF_to_Word_Doc_Converter_v1.1.exe
test.exe
pdf2wordsetup.exe
free_pdf_to_word_doc_converter_1_1.exe
freepdf2doc.exe
pdf2wordsetup.exe?token=1342778814_ff09bcfe04b40ab58c8bb996ad207a5f&lop=link&ptype=3000&ontid=2079&siteId=4&edId=3&spi=91e6cb62b918b06ef75df427fd89f88d&pid=10792871&psid=10792870&&fileName=pdf2wordsetup.exe
alnaddy.com_pdf2wordsetup.exe
filename
pdf2wordsetup.exe
29984
free-pdf-to-word-doc-converter-2270-jetelecharge.exe
Free PDF to Word Doc Converter v3.5.5.1 Setup.exe
789118
b82faa551fd7f67bcc1847ec476b9ed7c99dc1b31df40a68b779a44957600681
pdf2wordsetup_1.1.exe
easy_pdf_to_text_converter_1_26930.exe
pdfwordconverter.exe
pdf2text.exe
b82faa551fd7f67b_cuckoo-35b6db21e57749e2e2ca01c373cbc8a56cab5afe9fec84c86dccb77622f91a8c.exe
pdf2wordsetup (1).exe
Hellopdf2wordsetup.exe
Free PDF to Word Doc Converter 1.1.exe
freepdf2doc.exe
pdf2word.exe
2fuqwyilysybuhiqfel5ig754yq5734q.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!