home

freepdfreading.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.freepdftablet.com.
MD5:
ca9eb3bfb6242025101c099d88312008

SHA-1:
36abcb9bc35053a17eddd66441358ac711286740

SHA-256:
d592f96ba3cbb797a2b73ee4c094c7ea092fde1f0956152ca7b566fc28f27d2f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 4:33:55 AM UTC  (today)

File size:
2.7 MB (2,864,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\freepdfreading.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:W+fKsps+HXsGpIv5NtxZHgRgmGYga/8QGMAUJXMpsmpSe0dE9izNuILMVg:WkeW1Iv5NtxZAR8MsYMpste0dEgzNudO

Entry address:
0x30CB

Entry point:
F7, C0, FE, 62, 3D, 4C, 87, D2, 57, 8B, E9, 05, 04, 62, CE, 4B, 85, DD, 72, 08, F7, C1, FD, E8, 09, B8, 89, FB, 8B, F3, F6, C1, 78, B0, 36, BE, F8, 8C, 74, D3, F3, F6, C1, 78, 2B, CD, 89, CD, 0F, AF, F6, 8D, 05, BC, 02, 00, 00, 70, 02, B1, A5, 6B, C0, 05, 81, E9, 99, DC, 86, C3, 83, E3, 00, 89, DD, B9, BE, AC, 50, 5C, C7, C2, F4, E9, 9A, C7, 03, D8, C7, C6, 0C, 50, 63, 41, F3, 8A, E7, 32, C8, 69, C8, 5F, 3E, A0, 5D, 2C, ED, 81, EB, 6C, 0E, 00, 00, 0F, AF, C7, 81, C3, 6B, 0E, 00, 00, 78, 04, B5, AC, B2, 76...
 
[+]

Entropy:
7.9941  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file freepdfreading.exe has been seen being distributed by the following URL.

http://www.freepdftablet.com/download.php

Scan freepdfreading.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.