home

freepdfreading.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.freepdftablet.com.
MD5:
4d20d6c5809407af6186dc8ed3b059b5

SHA-1:
29b298c187933ad586f8045b90e329e6661a6397

SHA-256:
fdb7781e53bb469b4032ea088e4cdea49fbf2cb400e82e79370de0daeb137795

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 5:06:24 AM UTC  (today)

File size:
2.7 MB (2,864,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\freepdfreading.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Ncvq+fKsps+HXsGpIv5NtxZHgRgmGYga/8QGMAUJXMpsmpSe0dE9izNuILMVg:NcvqkeW1Iv5NtxZAR8MsYMpste0dEgzP

Entry address:
0x30CB

Entry point:
FF, CF, BF, 20, 13, 98, A1, FF, C0, F2, 46, 81, D6, 73, 82, 21, C0, 0F, B7, EE, 6A, 00, 58, 8D, 35, 52, E5, 08, 46, 8D, 1D, A2, CF, 4F, 2F, F2, F3, 8B, F6, 0F, B7, D5, C6, C6, 30, 05, 07, F4, FF, FF, FE, C2, 41, 02, EA, 05, FA, 0B, 00, 00, FF, C9, B9, C1, 36, A2, E1, 49, 87, DB, 4B, 69, FB, D2, 09, D8, A5, 88, EA, 3D, B7, 08, 00, 00, 0F, 86, BD, FF, FF, FF, 8B, DF, FF, C2, 8D, 0D, 3A, 7D, 73, 7D, 1A, DE, 4D, E8, 20, 00, 00, 00, 41, 85, F2, C7, C2, 20, B0, 7D, 85, F6, C0, 7C, 4D, 18, CF, 85, EF, C7, C1, 9B...
 
[+]

Entropy:
7.9941  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file freepdfreading.exe has been seen being distributed by the following URL.

http://www.freepdftablet.com/download.php

Scan freepdfreading.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.