SHA256: ea9ea1f7aa3c4b9bd59fc5393be6118f4838e9b3af755c1de2c92f8299473746
File name: setup.exe
Detection ratio: 4 / 55
Analysis date: 2016-01-28 19:59:17 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Cyren W32/Agent.XL.gen!Eldorado 20160128
F-Prot W32/Agent.XL.gen!Eldorado 20160128
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160128
Rising PE:Malware.Obscure/Heur!1.A121 [F] 20160128
Ad-Aware 20160128
AegisLab 20160128
Yandex 20160128
AhnLab-V3 20160128
Alibaba 20160128
ALYac 20160128
Antiy-AVL 20160128
Arcabit 20160128
Avast 20160128
AVG 20160128
Avira (no cloud) 20160128
Baidu-International 20160128
BitDefender 20160128
Bkav 20160128
ByteHero 20160128
CAT-QuickHeal 20160128
ClamAV 20160128
CMC 20160111
Comodo 20160128
DrWeb 20160128
Emsisoft 20160128
ESET-NOD32 20160128
F-Secure 20160128
Fortinet 20160128
GData 20160128
Ikarus 20160128
Jiangmin 20160128
K7AntiVirus 20160128
K7GW 20160128
Kaspersky 20160128
Kingsoft 20160128
Malwarebytes 20160128
McAfee 20160128
McAfee-GW-Edition 20160128
Microsoft 20160128
eScan 20160128
NANO-Antivirus 20160128
nProtect 20160128
Panda 20160128
Sophos AV 20160128
SUPERAntiSpyware 20160128
Symantec 20160128
TheHacker 20160124
TotalDefense 20160128
TrendMicro 20160128
TrendMicro-HouseCall 20160128
VBA32 20160128
VIPRE 20160128
ViRobot 20160128
Zillya 20160128
Zoner 20160128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2005-2006 Foxit Software Company
Product Foxit Reader
Original name FoxitReader.EXE
Internal name FoxitReader.exe
File version 2, 0, 2006, 0609
Description Foxit Reader, Best Reader for Everyday Use!
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-28 19:49:22
Entry Point 0x0000A193
Number of sections 7
PE sections
Overlays
MD5 04fbaa2a67a3d91325f98023fd9b6c4c
File type data
Offset 355840
Size 512
Entropy 7.58
PE imports
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
GetCharABCWidthsA
ColorMatchToTarget
CreateFontW
GetBitmapBits
GetDeviceCaps
DeleteDC
SetBkMode
RectInRegion
GetTextExtentExPointW
GetObjectW
BitBlt
GetEnhMetaFileDescriptionW
SetTextColor
SetAbortProc
EnumObjects
Escape
CreateBrushIndirect
GetStockObject
ExtTextOutA
PtVisible
GetLogColorSpaceW
SetTextAlign
CreateCompatibleDC
StretchBlt
GetTextFaceA
ExtEscape
SelectObject
CopyMetaFileW
Pie
RealizePalette
SetWindowExtEx
CancelDC
GetClipRgn
GdiTransparentBlt
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetOverlappedResult
SetEvent
LockResource
FindFirstFileW
SignalObjectAndWait
ReplaceFileW
GetHandleInformation
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DisconnectNamedPipe
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
LocalAlloc
DebugActiveProcessStop
UnhandledExceptionFilter
SetFilePointer
GetEnvironmentStrings
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
DeleteCriticalSection
GetThreadContext
ReadFileScatter
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
GetCommandLineA
Thread32First
HeapReAlloc
GetStringTypeW
ResumeThread
GetExitCodeProcess
LocalFree
FormatMessageW
IsWow64Process
GetThreadPriority
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
GetFullPathNameW
QueueUserWorkItem
GetEnvironmentVariableW
SetLastError
ConnectNamedPipe
GetUserDefaultUILanguage
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
lstrcpynW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
RaiseException
HeapSetInformation
SetProcessWorkingSetSize
SetThreadPriority
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
SetFilePointerEx
RegisterWaitForSingleObject
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreatePipe
SetNamedPipeHandleState
CreateSemaphoreW
DecodePointer
ReadFile
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GetVersion
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
DebugActiveProcess
LocalFileTimeToFileTime
VirtualQueryEx
CreateEventW
SetEndOfFile
GetLocaleInfoA
GetCurrentThreadId
LeaveCriticalSection
GetModuleHandleExA
GetNumberFormatW
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
DosDateTimeToFileTime
GetWindowsDirectoryW
SetHandleInformation
GetFileSize
GetUserDefaultLangID
DeleteFileA
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetSystemInfo
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
EnumResourceNamesW
AssignProcessToJobObject
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
Thread32Next
IsValidLocale
FindFirstFileExW
GetProcAddress
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetLocaleInfoW
InterlockedIncrement
GetNativeSystemInfo
GetLastError
IsValidCodePage
SystemTimeToFileTime
LCMapStringW
HeapCreate
CreateNamedPipeW
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
UnregisterWaitEx
CompareStringW
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
Module32FirstW
SwitchToThread
SizeofResource
UnregisterWait
GetCurrentProcessId
WaitNamedPipeW
CreateIoCompletionPort
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
Sleep
GetTimeFormatW
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
Module32NextW
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
FileTimeToLocalFileTime
GetFileAttributesExW
GetLongPathNameW
CreateProcessA
GetCurrentDirectoryW
UnmapViewOfFile
WriteFile
PostQueuedCompletionStatus
VirtualFree
TransactNamedPipe
VirtualAlloc
GetOEMCP
ResetEvent
SetFocus
LoadBitmapW
PostQuitMessage
SetWindowPos
OemToCharBuffA
EndPaint
CharUpperBuffW
GetDC
ReleaseDC
SendMessageW
UnregisterClassW
GetClientRect
AllowSetForegroundWindow
GetDlgItemTextW
MsgWaitForMultipleObjectsEx
GetWindowTextW
GetWindowTextLengthW
MsgWaitForMultipleObjects
ScrollWindow
DestroyWindow
GetParent
UpdateWindow
GetMessageW
ShowWindow
CallMsgFilterW
PeekMessageW
EnableWindow
CharUpperW
GetClipboardFormatNameW
TranslateMessage
IsWindowEnabled
GetWindow
GetMenuDefaultItem
GetQueueStatus
LoadStringW
IsWindow
SetTimer
OemToCharA
IsDialogMessageW
FillRect
EnumThreadWindows
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
OpenClipboard
MapWindowPoints
BeginPaint
DefWindowProcW
GetScrollPos
KillTimer
SendNotifyMessageW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
WaitMessage
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
ScreenToClient
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
CharToOemA
EndDialog
HideCaret
GetKeyboardLayout
wvsprintfW
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
DialogBoxParamW
GetSysColor
SetDlgItemTextW
IsCharAlphaNumericA
DestroyIcon
IsWindowVisible
InvalidateRect
CallWindowProcW
GetClassNameW
CloseDesktop
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoAllowSetForegroundWindow
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
Number of PE resources by type
RT_DIALOG 5
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MANIFEST 1
RT_ACCELERATOR 1
TXT 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.2006.609
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 251392
EntryPoint 0xa193
OriginalFileName FoxitReader.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2005-2006 Foxit Software Company
FileVersion 2, 0, 2006, 0609
TimeStamp 2016:01:28 20:49:22+01:00
FileType Win32 EXE
PEType PE32
InternalName FoxitReader.exe
ProductVersion 2, 0, 2006, 0609
FileDescription Foxit Reader, Best Reader for Everyday Use!
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 103424
ProductName Foxit Reader
ProductVersionNumber 2.0.2006.609
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c932f23fbf6cc2894eb6379d9e3a8aef
SHA1 f8de78172d5688df18d916bffe84f3bc70bf324b
SHA256 ea9ea1f7aa3c4b9bd59fc5393be6118f4838e9b3af755c1de2c92f8299473746
ssdeep 6144:fZuekwzDb+TV0abuIMJGTtITrZpz2e4r0YXECY:BIwzDKlMJK7epf
authentihash 11a2dc3a71c5ef5f71286eeac64a572a75ab4e8032c640e0c8aa4ec285269678
imphash 3dbce583c9773dd68be28d95dd84a0d1
File size 348.0 KB ( 356352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-01-28 19:59:17 UTC ( 3 years, 1 month ago )
Last submission 2016-01-31 17:53:24 UTC ( 3 years, 1 month ago )
File names FoxitReader.exe
FoxitReader.EXE
f76384c4b71829caf18e06c42dd218f98d286854
setup.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications