foxit reader.exe

Foxit Reader Setup

Foxit Corporation

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
Publisher:
Foxit Corporation   (signed by Foxit Corporation)

Product:
Foxit Reader Setup

Version:
6.1.4.217

MD5:
733c231e20e8281dc9085ae827597584

SHA-1:
dabf7136c12f046453104fabc648308bf824130d

SHA-256:
f9266967572ae587fab8f0b991de997bfbc4ffaaf3e1f24745a3ddfcd1f071b9

Scanner detections:
2 / 68

Status:
Inconclusive  (probably just false positive detections)

Analysis date:
12/24/2024 11:49:40 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy (variant)
8.9476

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.29.10

File size:
31.9 MB (33,488,656 bytes)

Product version:
6.1.4.217

Copyright:
Copyright © 2005-2014 Foxit Corporation

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\temp\foxit reader.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
5/3/2013 8:56:10 AM

Valid to:
5/3/2016 9:33:52 PM

Subject:
CN=Foxit Corporation, O=Foxit Corporation, L=Fremont, S=CA, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04430E53296BF1

File PE Metadata
Compilation timestamp:
4/10/2010 5:57:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:saZEUGsRVdPjkDMSiLE4oh4vk+hhHLJktmcELQm5VoWQUn5:hSUGmPPjMMJJock+hlJktmcELQWLJ

Entry address:
0x163C4

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 54, 55, 41, 00, E8, 70, 04, FF, FF, 33, C0, 55, 68, 91, 6A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 4D, 6A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, A6, EF, FF, FF, E8, B1, EA, FF, FF, 8D, 55, EC, 33, C0, E8, FB, 87, FF, FF, 8B, 55, EC, B8, B0, D6, 41, 00, E8, A6, EA, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, B0, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
85 KB (87,040 bytes)

The file foxit reader.exe has been discovered within the following program.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file foxit reader.exe has been seen being distributed by the following 50 URLs.

http://lb.cdn.m6web.fr/d/c/a/a12607e88dcb734069171e62fdd97647/53540e50/soft/.../foxit-reader_6-1-4_fr_13808.exe

http://www.foxitsoftware.com/.../latest.php?product=Foxit-Reader&platform=Windows

http://cdn01.foxitsoftware.com/pub/foxit/reader/desktop/win/3.x/3.3/.../FoxitReader331_enu.msi

http://darmoweprogramy.pl/.../FoxitReader614.0217_enu_Setup.exe

http://www.foxitsoftware.com/.../latest.php?product=Foxit-Reader

http://share2.earthlinktele.com/download.aspx?file=1227917271&sig=MTAvMTIvMjAxNiAwMTo0NDoxNw==

http://lb.cdn.m6web.fr/d/c/a/f9f08d53052e824a0a71acd85da26fc3/5344647f/soft/.../foxit-reader_6-1-4_fr_13808.exe

https://doc-0k-08-docs.googleusercontent.com/docs/securesc/62ioai8h3dtotoeintq15au17rm0eiir/8t6ddh3h0kciomqj3habc3qrdkuup3e2/1462327200000/05882812908269271570/.../0BzrXkYUxMH6xSnB3X3BNTE5Wd3c?e=download

Latest 30 of 66 download URLs

Scan foxit reader.exe - Powered by Reason Core Security