home

freepdfreading.exe

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from www.freepdftablet.com.
MD5:
bba217b9aef9e664902b4c7f70f5bfad

SHA-1:
fc2d7ee65e74bcfb860d803d565d155784e4abcd

SHA-256:
fbfcfefe7e25635b5dce4e571bffba8e5ad2a15cc6759dd173e7bd64737f0aa5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 4:58:19 AM UTC  (today)

File size:
2.7 MB (2,868,408 bytes)

File type:
Executable application (Win16 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\downloads\freepdfreading.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:41 AM

OS version:
4.0

OS bitness:
Win16

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:w+fKsps+HXsGpIv5NtxZHgRgmGYga/8QGMAUJXMpsmpSe0dE9izNuILMVg:wkeW1Iv5NtxZAR8MsYMpste0dEgzNudO

Entry address:
0x30CB

Entry point:
C7, C5, F1, D1, 1C, 99, 87, E8, F7, C3, 9F, 34, 91, 3E, 88, D8, 85, EB, 85, F6, 71, 0A, F7, C2, 4A, EE, 2F, 6A, B5, 59, FE, C7, 86, F6, 8A, DE, 8A, EA, 0F, B7, D9, 33, C5, 0F, BE, D4, 43, 08, D2, 28, C8, FF, C3, 0F, AF, D6, 68, 8B, CF, 9B, 00, 8D, 2D, 2D, 38, F5, 0D, FE, C5, E8, 19, 00, 00, 00, 03, CD, 8B, CD, 77, 04, 86, F9, 86, F6, 81, C7, BE, EC, 00, 00, 0F, AF, DB, 81, C7, 67, 08, 00, 00, 5D, FE, C9, 86, DA, 10, FF, 85, C0, F2, C6, C3, 59, 83, E6, 00, 22, E1, 8D, 15, 4F, 98, 23, 40, 80, CD, 49, 8A, CB...
 
[+]

Entropy:
7.9941  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file freepdfreading.exe has been seen being distributed by the following URL.

http://www.freepdftablet.com/download.php

Scan freepdfreading.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.