fr12pe_1214_11_withtrial.exe

ABBYY Production LLC

The program is a setup application that uses the Self-extracting archive installer. The file has been seen being downloaded from www.towerbitscenter.com and multiple other hosts.
Publisher:
ABBYY Production LLC  (signed and verified)

MD5:
9e9bc76d59afea0b24b7ed0ad4145f66

SHA-1:
cd209916f9f13486a6d8f6fc6276eeb761b30803

SHA-256:
d01ef62ab5e4db947a0d6349938dc8911732876e1866efde755bd46480cf2877

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 5:27:52 PM UTC  (today)

File size:
339.6 MB (356,076,744 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\fr12pe_1214_11_withtrial.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/15/2015 7:04:53 AM

Valid to:
12/15/2018 7:04:53 AM

Subject:
CN=ABBYY Production LLC, O=ABBYY Production LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218490A44440DA1FD791C94DDA509E95B0

File PE Metadata
Compilation timestamp:
12/1/2013 12:08:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6291456:y9/KE1FcL9u6DiwshLGV1Ii28A89aXRb+OKExiBu1zhMJ:y9CPsqiJW1928A89aZSE0GzO

Entry address:
0x1D728

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
7.9992  (probably packed)

Code size:
149.5 KB (153,088 bytes)

The file fr12pe_1214_11_withtrial.exe has been seen being distributed by the following 50 URLs.

http://www.towerbitscenter.com/G3n3LPhxKR6ek8dObwiMrdqN5McqSNTzHGt_tcNKpy7Ag1_S1s4fbrRdiEdqEf1vdibxQJ0WWOSja4yE5quHFHPhdjn_M_IFkHiXYOxAplA0j3 MGNmsgxQOyPQwZJ3RqIugcYnX21I1uqLqG35UkK0ipkT2sIjD_QBchHMfunnbHIcgX02L2GKRwm7r1dgtD63 lWz7kU3d8AfubNwF_f76RhtbAdN5HCnbRzQEs_pcUS5A3vUj3foWbdZIbd702x4nGz aFN7hDx4YZX87egBnAoTE_poabnxfzTvi yq3IwFuMuLwf4AWC4wMLXE5_pp3G0zwqzEqlItb266qVh3xlV2fP9qMnlFXgS5VMNmSLQbqiDPmIITRSjzS8qNiXHzCVO_GDhb2C q_z5Cvu5y_j65QYmvMiOnoe15k_iZEMABM9DAPS7q9MdRmFWQR736QukjjJsws1MDvUUfY tv j3yQpL7X5Ry2J3TnHyt1lOnXiEIyc6snzcLBZhTs1Z1DsEUQxcKjvaOOzYlOKXs4UTzZLniIqM9m_FLyhUltyz5v5zr9 FlH8ew3sIIJnBHflAcVZzztHgldpwDP0NUxhtxl1w==-GzoAAORtm0 p8XQEQVBIxyUJjhVBwkQOHFqpHMje2NaBvHGggeOeGc JTsdFYla1JqXakmlbOg2IHw==-e

https://store.abbyyeu.com/.../dlreg?t=99aPcM3sDOf7NjjI5rIw&k=111437939

https://store.abbyyeu.com/.../dlreg?t=99kB7ecOJ5b5dLalLvSu&k=111659546

https://store.abbyyeu.com/.../dlreg?t=99tjmENDdSxZVCiBdjly&k=111724355

https://store.abbyyeu.com/.../dlreg?t=99kaK9bcMOfV2cZPDDr4&k=111344180

https://store.abbyyeu.com/.../dlreg?t=99fGPU1ZkyuXVftNBO68&k=111733061

http://finereader.add-soft.jp/.../?wpdmpro=fr12-pro-trial&wpdmdl=4772

https://store.abbyyeu.com/.../dlreg?t=99GnIdz2ESj6muFB48nv&k=111561863

https://store.abbyyeu.com/.../dlreg?t=99Ju9gHxM6aFEg4caaPm&k=111302591

https://store.abbyyeu.com/.../dlreg?t=99CtK4QvbIZt2jDCuJGo&k=111700193

https://www.google.com/url?hl=it&q=http://www.abbyyeu.com/download/ArchivRetail/ABBYY_Retail_Products/.../1214_11_FR_12_Professional.exe&source=gmail&ust=1475696058041000&usg=AFQjCNE2IyZHfsf207YiSXh-sEXjsDVI7Q

https://shop.abbyyusa.com/affiliate.php?ACCOUNT=ABBYYUSA&AFFILIATE=700&PATH=http://download.abbyyeu.com/.../ABBYY_FR12_PRO_TRIAL.exe

https://shop.abbyyusa.com/order/.../GTbQ==

https://store.abbyyeu.com/.../dlreg?t=99vKUlU9OSRQrZMtcKMf&k=111714539

https://store.abbyyeu.com/.../dlreg?t=99LzUxkWHJF2ZjcucNn6&k=111564566

https://shop.abbyyusa.com/order/.../CbbQ==

https://store.abbyyeu.com/.../dlreg?t=99hBJ11DxfzKA2XjMkou&k=111660554

https://store.abbyyeu.com/.../dlreg?t=99D2sYs7CX4w0AG3KK0k&k=111384467

https://store.abbyyeu.com/.../dlreg?t=99LzPKpRaxBn29j6hKqk&k=111724478

https://store.abbyyeu.com/.../dlreg?t=99QqMSzo9tksB2qNIOW1&k=111383633

http://prosperent.com/click/api/linkaffiliator/apikey/b24ac4f04f161fb5e40e8ba62586e0ab/url/http://download.abbyyeu.com/.../ABBYY_FR12_PRO_TRIAL.exe

http://www.towerbitscenter.com/uiPA3U_TXN_Y6PgKyUyI43IoKzQt5en i AkMZ TBrz7nJiY3yiW9chVNuc83qhN5wLLXfO489rNJ01HjzZ6TjjAwixhjejpKqByLHgjGrtlHHFvOEOit8V dIGChdzcPJqZTUl2V3e 3CI3vj3h1tpjnDkU5w2Vge56OagQVPn_Wwfvu7Nq7UeSzti0nW_yCxd7sBJMcGtWabypQSZ9apaeE3PvKQ==-GzoAAORtm0 p8XQEQVBIxyUJjhVBwkQOHFqpHMje2NaBvHGggeOeGc JTsdFYla1JqXakmlbOg2IHw==

https://store.abbyyeu.com/.../dlreg?t=99ppga1rloTz0Jkfgg6P&k=111612575

https://store.abbyyeu.com/.../dlreg?t=99nVCKGzeDOvXcAb0waX&k=111645581

https://store.abbyyeu.com/.../dlreg?t=99imx4GYkndP2ewY1ypH&k=111543158

https://store.abbyyeu.com/.../dlreg?t=99XiKumgwUQp7ajvux4n&k=111593567

https://store.abbyyeu.com/.../dlreg?t=99RuV1OxAre3cMLl5r3x&k=111615623

https://store.abbyyeu.com/.../dlreg?t=99tzRr45IYgLU6ZWwDr4&k=111362936

http://soft.mydiv.net/win/dlfile1941f_295519/.../ABBYY_FR12_PRO_TRIAL.exe__c1

https://store.abbyyeu.com/.../dlreg?t=99AotX1rG2V9hKuCOz06&k=111495113

Latest 30 of 60 download URLs

Scan fr12pe_1214_11_withtrial.exe - Powered by Reason Core Security