Windows Analysis Report
SumatraPDF-3.5.2-64.exe

Overview

General Information

Sample name:	SumatraPDF-3.5.2-64.exe
Analysis ID:	1467016
MD5:	c02dc2ca96fe9841963883c0fe177399
SHA1:	7e42e66e9198c258da48a6194577e3dbd424463a
SHA256:	290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains capabilities to detect virtual machines

Found large amount of non-executed APIs

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Classification

Signatures

Source: SumatraPDF-3.5.2-64.exe

Static PE information: certificate valid

Source: SumatraPDF-3.5.2-64.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe

Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.google.com/search?q=$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, SumatraPDF-settings.txt.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress

Source: classification engine

Classification label: clean1.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

File created: C:\Users\user\Desktop\SumatraPDF-settings.txt

Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: 64-.\n\n 64- tl:Nag-i-install ka n
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sv:Kunde inte hitta SumatraPDF-installation. ta:PDF . th:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: run-install-now
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: ssilentprint-to-defaultprint-dialogh?helpexit-when-doneexit-on-printrestrictpresentationfullscreeninvertcolorsinvert-colorsconsoleinstalluninstallwith-filterwith-searchwith-previewrandregressxtestertestappnew-windowlogcrash-on-openreuse-instanceesc-to-exitenum-printerssleep-msprint-toprint-settingsinverse-searchforward-searchfwdsearchnameddestnamed-destpageviewzoomscrollappdatapluginstress-testnmaxrenderextract-textbenchdinstall-dirlangupdate-self-todelete-filebgcolorbg-colorfwdsearch-offsetfwdsearch-widthfwdsearch-colorfwdsearch-permanentmanga-modesearchall-usersallusersrun-install-nowtest-browseraddeset-color-rangeCall to EnumPrinters failed with error %#xSumatraPDF - EnumeratePrinters, default%s (Port: %s, attributes: %#x%s)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -install-dir "
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: allUsers but not elevated: re-starting as elevated
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: TopRightBottomLeftDxDy#000000#ffffff#f5fc0cTextColorBackgroundColorSelectionColorWindowMarginPageSpacingGradientColorsInvertColorsHideScrollbarsWindowMarginPageSpacingCbxMangaModeUseFixedPageUIURLNameCommandLineNameFiltershrinkPrintScale#6581ffHighlightOffsetHighlightWidthHighlightColorHighlightPermanent#ffff00#00ff00#ff00ff#ff0000HighlightColorUnderlineColorSquigglyColorStrikeOutColorFreeTextColorFreeTextSizeFreeTextBorderWidthTextIconColorTextIconTypeDefaultAuthorCmdKeyXYDxDyNamePageNoPageLabel0XYFilePathFavoritesIsPinnedIsMissingOpenCountDecryptionKeyUseDefaultStateDisplayModeScrollPosPageNoZoomRotationWindowStateWindowPosShowTocSidebarDxDisplayR2LReparseIdxTocStateFilePathDisplayModePageNoZoomRotationScrollPosShowTocTocStateTabStatesTabIndexWindowStateWindowPosSidebarDxDwHighDateTimeDwLowDateTimeFor documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400#80fff200Settings below are not recognized by the current versionThemeFixedPageUIComicBookUIChmUISelectionHandlersExternalViewersZoomLevelsZoomIncrementPrinterDefaultsForwardSearchAnnotationsDefaultPasswordsRememberOpenedFilesRememberStatePerDocumentRestoreSessionUiLanguageInverseSearchCmdLineEnableTeXEnhancementsDefaultDisplayModeDefaultZoomShortcutsEscToExitReuseInstanceReloadModifiedDocumentsMainWindowBackgroundFullPathInTitleShowMenubarShowToolbarShowFavoritesShowTocNoHomeTabTocDySidebarDxToolbarSizeTabWidthTreeFontSizeTreeFontWeightOffsetTreeFontNameSmoothScrollShowStartPageCheckForUpdatesVersionToSkipWindowStateWindowPosUseTabsUseSysColorsCustomScreenDPIFileStatesSessionDataReopenOnceTimeOfLastUpdateCheckOpenCountWeekSumatraPDF.exesumatra-install-log.txtExtractFiles(): dir '%s'
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now -all-users -with-filter -with-preview -silent -log -install-dir "Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now -all-users -with-filter -with-preview -silent -log -install-dir "Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: writes installation log to %LOCALAPPDATA%\sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-installation</a>.SumatraPDF installer${appName}${appName} installer options:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments<a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>SumatraPDF installer usageSumatraPDF is running as admin and cannot open files from a non-admin processNot a valid installerrb<a href="https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316">Read more about this error</a>this is not a SumatraPDF installer, -x option not available
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: re-launching '%s' with args '%s' as elevated
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -install
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sumatra-installer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Do you want to install new version?New version availableDon't installSumatraPDF UpdateSkip this versionInstall and relaunch -sleep-ms 500 -exit-when-done -update-self-to "%s" -installsumatra-installerNotifyUserOfUpdate: installer cmd: '%s'
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:&Magpatuloy sa pag-install ng 32-bit na bersyon
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Hindi ma-install ang PDF previewer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Hindi ma-install ang PDF search filter
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Huwag i-install

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cscdll.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: shfolder.dll	Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe

Static PE information: certificate valid

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SumatraPDF-3.5.2-64.exe

Static file information: File size 16065496 > 1048576

Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x59b200
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x279400
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x62d600

Source: SumatraPDF-3.5.2-64.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SumatraPDF-3.5.2-64.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SumatraPDF-3.5.2-64.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe

Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 name: DriverDesc

Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

API coverage: 6.9 %

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Code function: 0_2_0000000140134BD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0000000140134BD8

Source: SumatraPDF-3.5.2-64.exe

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Code function: 0_2_0000000140134F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0000000140134F68

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\SumatraPDF-settings.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	24F296183D3CB208BBE982476AB93154	93F0BB240742A555FA5477E759D6429BE988D71A	6255EEAED0A76F17867D6E2CD83D3DA25A027E5B1D7EF63E245F7B73B3CD6946

Source: SumatraPDF-3.5.2-64.exe

Static PE information: certificate valid

Source: SumatraPDF-3.5.2-64.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe

Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.deepl.com/translator#-/$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.google.com/search?q=$
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, SumatraPDF-settings.txt.0.dr	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress

Source: classification engine

Classification label: clean1.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

File created: C:\Users\user\Desktop\SumatraPDF-settings.txt

Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Mutant created: NULL

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: 64-.\n\n 64- tl:Nag-i-install ka n
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sv:Kunde inte hitta SumatraPDF-installation. ta:PDF . th:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: run-install-now
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: ssilentprint-to-defaultprint-dialogh?helpexit-when-doneexit-on-printrestrictpresentationfullscreeninvertcolorsinvert-colorsconsoleinstalluninstallwith-filterwith-searchwith-previewrandregressxtestertestappnew-windowlogcrash-on-openreuse-instanceesc-to-exitenum-printerssleep-msprint-toprint-settingsinverse-searchforward-searchfwdsearchnameddestnamed-destpageviewzoomscrollappdatapluginstress-testnmaxrenderextract-textbenchdinstall-dirlangupdate-self-todelete-filebgcolorbg-colorfwdsearch-offsetfwdsearch-widthfwdsearch-colorfwdsearch-permanentmanga-modesearchall-usersallusersrun-install-nowtest-browseraddeset-color-rangeCall to EnumPrinters failed with error %#xSumatraPDF - EnumeratePrinters, default%s (Port: %s, attributes: %#x%s)
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -install-dir "
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: allUsers but not elevated: re-starting as elevated
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: TopRightBottomLeftDxDy#000000#ffffff#f5fc0cTextColorBackgroundColorSelectionColorWindowMarginPageSpacingGradientColorsInvertColorsHideScrollbarsWindowMarginPageSpacingCbxMangaModeUseFixedPageUIURLNameCommandLineNameFiltershrinkPrintScale#6581ffHighlightOffsetHighlightWidthHighlightColorHighlightPermanent#ffff00#00ff00#ff00ff#ff0000HighlightColorUnderlineColorSquigglyColorStrikeOutColorFreeTextColorFreeTextSizeFreeTextBorderWidthTextIconColorTextIconTypeDefaultAuthorCmdKeyXYDxDyNamePageNoPageLabel0XYFilePathFavoritesIsPinnedIsMissingOpenCountDecryptionKeyUseDefaultStateDisplayModeScrollPosPageNoZoomRotationWindowStateWindowPosShowTocSidebarDxDisplayR2LReparseIdxTocStateFilePathDisplayModePageNoZoomRotationScrollPosShowTocTocStateTabStatesTabIndexWindowStateWindowPosSidebarDxDwHighDateTimeDwLowDateTimeFor documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400#80fff200Settings below are not recognized by the current versionThemeFixedPageUIComicBookUIChmUISelectionHandlersExternalViewersZoomLevelsZoomIncrementPrinterDefaultsForwardSearchAnnotationsDefaultPasswordsRememberOpenedFilesRememberStatePerDocumentRestoreSessionUiLanguageInverseSearchCmdLineEnableTeXEnhancementsDefaultDisplayModeDefaultZoomShortcutsEscToExitReuseInstanceReloadModifiedDocumentsMainWindowBackgroundFullPathInTitleShowMenubarShowToolbarShowFavoritesShowTocNoHomeTabTocDySidebarDxToolbarSizeTabWidthTreeFontSizeTreeFontWeightOffsetTreeFontNameSmoothScrollShowStartPageCheckForUpdatesVersionToSkipWindowStateWindowPosUseTabsUseSysColorsCustomScreenDPIFileStatesSessionDataReopenOnceTimeOfLastUpdateCheckOpenCountWeekSumatraPDF.exesumatra-install-log.txtExtractFiles(): dir '%s'
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now -all-users -with-filter -with-preview -silent -log -install-dir "Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -run-install-now -all-users -with-filter -with-preview -silent -log -install-dir "Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: writes installation log to %LOCALAPPDATA%\sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-installation</a>.SumatraPDF installer${appName}${appName} installer options:
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments<a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>SumatraPDF installer usageSumatraPDF is running as admin and cannot open files from a non-admin processNot a valid installerrb<a href="https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316">Read more about this error</a>this is not a SumatraPDF installer, -x option not available
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: re-launching '%s' with args '%s' as elevated
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: -install
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: sumatra-installer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: Do you want to install new version?New version availableDon't installSumatraPDF UpdateSkip this versionInstall and relaunch -sleep-ms 500 -exit-when-done -update-self-to "%s" -installsumatra-installerNotifyUserOfUpdate: installer cmd: '%s'
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:&Magpatuloy sa pag-install ng 32-bit na bersyon
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Hindi ma-install ang PDF previewer
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Hindi ma-install ang PDF search filter
Source: SumatraPDF-3.5.2-64.exe	String found in binary or memory: tl:Huwag i-install

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cscdll.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Section loaded: shfolder.dll	Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Window found: window name: SysTabControl32

Jump to behavior

Source: SumatraPDF-3.5.2-64.exe

Static PE information: certificate valid

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SumatraPDF-3.5.2-64.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SumatraPDF-3.5.2-64.exe

Static file information: File size 16065496 > 1048576

Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x59b200
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x279400
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x62d600

Source: SumatraPDF-3.5.2-64.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SumatraPDF-3.5.2-64.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SumatraPDF-3.5.2-64.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SumatraPDF-3.5.2-64.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s.xps;.oxps.pdf.ps;.eps.djvu.chm.cbz;.cbr;.cb7;.cbt.svgSVG documents.mobi.epub.pdb;.prc.fb2;.fb2z;.zfb2;.fb2.zip.bmp;.dib;.gif;.jpg;.jpeg;.jxr;.png;.tga;.tif;.tiff;.webp;.heic;.avifImagesAll supported documents.txt;.log;.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\Desktop\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe
Source:	Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe

Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SumatraPDF-3.5.2-64.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: SumatraPDF-3.5.2-64.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 name: DriverDesc

Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

API coverage: 6.9 %

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Code function: 0_2_0000000140134BD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0000000140134BD8

Source: SumatraPDF-3.5.2-64.exe

Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe

Code function: 0_2_0000000140134F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0000000140134F68

ID:	1467016
Product:	CloudBasic
Start time:	16:28:25
Start date:	03.07.2024
Sample:	SumatraPDF-3.5.2-64.exe
Cookbook:	default.jbs
System description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture:	WINDOWS
MD5:	c02dc2ca96fe9841963883c0fe177399
SHA1:	7e42e66e9198c258da48a6194577e3dbd424463a
SHA256:	290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0
Filetype:	Win64 Executable GUI (202006/5) 92.65%

Windows Analysis Report
SumatraPDF-3.5.2-64.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report SumatraPDF-3.5.2-64.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
SumatraPDF-3.5.2-64.exe