General

Malware Config

Signatures

Files

• AcroRdrDC2200120117_en_US.exe

  .exe windows x86

  0e1302d5a74b6260e19a10193b994027

  
  

  Code Sign

  01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  19-12-2020 00:00

  Not After

  21-12-2022 23:59

  Subject

  SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29-03-2022 00:00

  Not After

  14-03-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  b7:5d:fe:a0:8d:0c:b1:7b:2a:30:c6:40:4a:42:a0:ab:01:a9:ec:bc:39:47:b3:0c:88:57:d7:4b:f3:d1:0f:e7

  Signer

  Actual PE Digest

  b7:5d:fe:a0:8d:0c:b1:7b:2a:30:c6:40:4a:42:a0:ab:01:a9:ec:bc:39:47:b3:0c:88:57:d7:4b:f3:d1:0f:e7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  07-04-2022 02:24

  Valid: true

  Chain 1

  SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GlobalReAlloc

  GlobalHandle

  LocalAlloc

  LocalReAlloc

  GetCurrentDirectoryW

  GetLocaleInfoW

  GetSystemDefaultUILanguage

  GlobalFlags

  GetFileAttributesExW

  GetFileSizeEx

  GetFileTime

  SetErrorMode

  VirtualProtect

  GetSystemInfo

  VirtualQuery

  LoadLibraryExA

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  FileTimeToSystemTime

  IsDebuggerPresent

  GetStartupInfoW

  GetStringTypeW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindFirstFileExW

  SetFilePointerEx

  ReadConsoleW

  GetConsoleMode

  GetConsoleCP

  GetTimeZoneInformation

  LCMapStringW

  ExitProcess

  GetStdHandle

  HeapQueryInformation

  GetFileType

  SetStdHandle

  GetModuleHandleExW

  FreeLibraryAndExitThread

  ExitThread

  SetEnvironmentVariableW

  GetDriveTypeW

  GetCommandLineA

  RtlUnwind

  OutputDebugStringW

  SystemTimeToTzSpecificLocalTime

  FindNextFileW

  FileTimeToLocalFileTime

  CompareStringW

  GlobalFindAtomW

  GetSystemDirectoryW

  EncodePointer

  GetCurrentProcessId

  GlobalAddAtomW

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  ResumeThread

  SuspendThread

  SetThreadPriority

  InitializeCriticalSection

  LoadLibraryA

  GetCurrentProcess

  DuplicateHandle

  UnlockFile

  SetEndOfFile

  LockFile

  GetFullPathNameW

  FlushFileBuffers

  FindFirstFileW

  FindClose

  lstrcmpW

  lstrcmpA

  GlobalDeleteAtom

  LoadLibraryExW

  FreeLibrary

  GetCurrentThreadId

  GetCurrentThread

  MulDiv

  GlobalFree

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  LoadLibraryW

  GetModuleHandleA

  GetModuleFileNameW

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  EnterCriticalSection

  OutputDebugStringA

  GetACP

  lstrlenW

  GetVolumeInformationW

  WideCharToMultiByte

  CreateThread

  GetProcessHeap

  DeleteCriticalSection

  DecodePointer

  HeapAlloc

  RaiseException

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionEx

  SetFileTime

  HeapFree

  CreateDirectoryW

  SetLastError

  MoveFileW

  GetUserDefaultUILanguage

  RemoveDirectoryW

  SetFileAttributesW

  GetExitCodeProcess

  CreateProcessW

  ExpandEnvironmentStringsW

  GetPrivateProfileStringW

  SetEvent

  Sleep

  WaitForSingleObject

  ResetEvent

  CreateEventW

  GlobalMemoryStatusEx

  GetEnvironmentVariableW

  GetVersionExW

  GetTempPathW

  DeleteFileW

  GetCommandLineW

  LocalFree

  FormatMessageW

  MultiByteToWideChar

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  GetFileAttributesW

  GetFileSize

  CloseHandle

  GetLastError

  CreateFileW

  SetFilePointer

  WriteConsoleW

  WriteFile

  ReadFile

  SetDllDirectoryW

  GetSystemWindowsDirectoryW

  GetModuleHandleW

  GetProcAddress

  InitializeSListHead

  SetCurrentDirectoryW

  user32

  RedrawWindow

  SetForegroundWindow

  GetForegroundWindow

  UpdateWindow

  SetMenu

  GetMenu

  GetCapture

  EndDeferWindowPos

  DeferWindowPos

  BeginDeferWindowPos

  IsChild

  IsMenu

  CreateWindowExW

  GetClassInfoExW

  GetClassInfoW

  RegisterClassW

  CallWindowProcW

  DefWindowProcW

  GetMessageTime

  GetMessagePos

  RegisterWindowMessageW

  GetSysColor

  ScreenToClient

  ClientToScreen

  EndPaint

  BeginPaint

  ReleaseDC

  GetDC

  TabbedTextOutW

  GrayStringW

  DrawTextExW

  DrawTextW

  UnhookWindowsHookEx

  GetDesktopWindow

  SetActiveWindow

  EndDialog

  CreateDialogIndirectParamW

  DestroyWindow

  GetLastActivePopup

  GetWindowThreadProcessId

  SetCursor

  LoadBitmapW

  SetMenuItemInfoW

  GetMenuCheckMarkDimensions

  SetMenuItemBitmaps

  EnableMenuItem

  CheckMenuItem

  CallNextHookEx

  SetWindowsHookExW

  GetSysColorBrush

  ValidateRect

  GetKeyState

  GetActiveWindow

  IsWindowVisible

  PeekMessageW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  CharUpperW

  IsDialogMessageW

  GetWindow

  SetWindowLongW

  GetWindowLongW

  GetWindowTextW

  IsWindowEnabled

  GetFocus

  SetFocus

  GetDlgCtrlID

  GetScrollPos

  SetPropW

  GetPropW

  RemovePropW

  GetWindowRect

  AdjustWindowRectEx

  MapWindowPoints

  CopyRect

  PtInRect

  GetClassLongW

  GetClassNameW

  GetTopWindow

  WinHelpW

  MonitorFromWindow

  GetNextDlgTabItem

  MessageBoxW

  GetSystemMetrics

  PostMessageW

  LoadIconW

  SendMessageW

  IsIconic

  GetClientRect

  DrawIcon

  IsWindow

  EnableWindow

  UnregisterClassW

  GetDlgItem

  SetWindowTextW

  FindWindowW

  SendDlgItemMessageA

  SetRectEmpty

  OffsetRect

  GetParent

  GetSubMenu

  GetMenuItemID

  GetMenuItemCount

  PostQuitMessage

  ShowWindow

  SetWindowPos

  GetMonitorInfoW

  LoadCursorW

  DestroyMenu

  InvalidateRect

  KillTimer

  SetTimer

  RealChildWindowFromPoint

  GetCursorPos

  gdi32

  GetClipBox

  GetStockObject

  PtVisible

  RectVisible

  RestoreDC

  SaveDC

  SelectObject

  SetBkColor

  SetMapMode

  SetTextColor

  TextOutW

  ExtTextOutW

  SetViewportExtEx

  SetViewportOrgEx

  SetWindowExtEx

  OffsetViewportOrgEx

  ScaleViewportExtEx

  ScaleWindowExtEx

  Escape

  DeleteObject

  CreateBitmap

  GetDeviceCaps

  DeleteDC

  GetObjectW

  CreateFontIndirectW

  advapi32

  RegEnumValueW

  RegQueryValueW

  RegEnumKeyW

  RegDeleteKeyW

  RegDeleteValueW

  RegFlushKey

  RegCreateKeyW

  RegQueryValueExW

  RegOpenKeyExW

  RegCloseKey

  RegSetValueExW

  RegCreateKeyExW

  shell32

  SHGetPathFromIDListW

  SHGetMalloc

  ord165

  SHGetFolderPathW

  SHGetKnownFolderPath

  ShellExecuteW

  SHBrowseForFolderW

  shlwapi

  PathStripToRootW

  PathFindFileNameW

  PathIsUNCW

  PathFindExtensionW

  ole32

  CoCreateGuid

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  oleaut32

  VariantChangeType

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  Sections

  .text

  Size: 266KB - Virtual size: 266KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 82KB - Virtual size: 82KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .didat

  Size: 512B - Virtual size: 36B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 224.2MB - Virtual size: 224.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ