DrawFontCanvas.exe

The executable DrawFontCanvas.exe has been detected as malware by 9 anti-virus scanners. The file has been seen being downloaded from flaith.free.fr.
MD5: a89cd98ee22b9462854ffe619b8b1410

SHA-1: 19f383a4628ce6f2bf3d2e71db63383cac5d6406

SHA-256: aabc4ac31779d9769fd5d7f12bf43d82c5a205e95fa52d2eed6bb18a4e2900bc

Scanner detections: 9 / 68

Status: Malware

Analysis date: 4/26/2024 6:30:37 AM UTC

Scan engine             Detection                          Engine version
Bitdefender             Gen:Variant.Graftor.72314          1.0.20.1205
Emsisoft Anti-Malware   Gen:Variant.Graftor.72314          8.13.08.29.06
F-Secure                Gen:Variant.Graftor.72314          11.2013-29-08_5
G Data                  Gen:Variant.Graftor.72314          13.8.22
IKARUS anti.virus       Trojan-Downloader.Win32.Karagany   t3scan.2.0.0.0
MicroWorld eScan        Gen:Variant.Graftor.72314          14.0.0.723
Norman                  Suspicious_Gen5.UPBU               11.20130829
Panda Antivirus         Suspicious file                    13.08.29.06
Total Defense           Win32/Inject.C!generic             37.0.10395

File size: 166.5 KB (170,496 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\drawfontcanvas.exe

File PE Metadata
Compilation timestamp: 11/21/2012 4:46:14 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.50

CTPH (ssdeep): 3072:/JV9F/yvKpqryw/AXPXcwujcydNQrRqCUVtkXPboNgpGpTBf1w:/JrFKv9yw/A/XcwYKA/tYbzApTBd

Entry address: 0x1000

Entry point: 68, 6C, 00, 00, 00, 68, 00, 00, 00, 00, 68, 3C, BD, 42, 00, E8, FC, 1F, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, F5, 1F, 00, 00, A3, 40, BD, 42, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, E2, 1F, 00, 00, A3, 3C, BD, 42, 00, E8, 6C, E7, 00, 00, E8, 52, DE, 00, 00, E8, 9E, D4, 00, 00, E8, C6, C7, 00, 00, E8, 02, 55, 00, 00, E8, 20, 54, 00, 00, E8, 83, 3E, 00, 00, E8, 08, 2C, 00, 00, E8, C7, 24, 00, 00, E8, 82, 22, 00, 00, C7, 05, 48, BD, 42, 00, 00, 00, 00, 00, C7, 05, 4C, BD, 42...

Entropy: 6.8130

Packer / compiler: PKLITE32, 0x1.1

Code size: 124.5 KB (127,488 bytes)

The file DrawFontCanvas.exe has been seen being distributed by the following URL.
