Adobe Audition[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Adobe Audition.exe
Size

1.7MB
MD5

197a7fdea4d0a6122d395acd6b8a890a
SHA1

bdc5c55d66d92ba6a475e3d828e525aef3d6e2f7
SHA256

4abd363d11da162c85a8690e3e6b170e2bc9a02ff00a1e07c75e175b920cc491
SHA512

7d0f26f53f8aea0969afc35cdd9104b0ad1ab9e3ffbb0e29896787ca04eb1703c85ee3545695f726382fe801e7a1496f71c50862387c50f8fa6dd526bb6e1a93
SSDEEP

12288:oHrF6hzL8qcfWTjOMxHzF6hzLQqcBi50hITHF:oHrF6hzL8qcejlHzF6hzLQqcBi5NTHF

Score

N/A

Malware Config

Signatures

Files

Adobe Audition.exe
.exe windows x64

e5ea892b6988dc36b166201d455eea6d

Code Sign

0c:95:84:df:83:bb:93:85:11:e3:d7:ae:5f:97:16:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Audition\,Encore\,Dynamic Link Media Server,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:c2:2a:33:ba:5f:4f:c8:1b:09:59:cd:66:03:36:8e:f0:09:f0:c5:9f:2b:c4:a8:7f:06:b0:61:5b:3c:9e:2f
Signer

Actual PE Digest

c5:c2:2a:33:ba:5f:4f:c8:1b:09:59:cd:66:03:36:8e:f0:09:f0:c5:9f:2b:c4:a8:7f:06:b0:61:5b:3c:9e:2f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Audition\,Encore\,Dynamic Link Media Server,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

13/02/2020, 18:03
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Audition\,Encore\,Dynamic Link Media Server,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dvacore

?Allocate@SmallBlockAllocator@allocator@dvacore@@YAPEAX_K@Z
?LimitedDLLHijackFix@config@dvacore@@YAXXZ
?AsciiToUTF16@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@PEBD_K@Z
?Dispose@SmallBlockAllocator@allocator@dvacore@@YAXPEAX_K@Z

aubackend

?GetFullAppName@AppConstants@abe@@SAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@XZ
?GetMainWindowClass@AppConstants@abe@@SAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@XZ
?GetPrefsVersion@AppConstants@abe@@SAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@XZ

auui

?AudWinMain@@YAHPEAUHINSTANCE__@@0AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$SBAAllocator@_W@allocator@dvacore@@@std@@H@Z
?AudWinHeadlessAppAlreadyRunning@@YA_NAEA_N0@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceCounter
GetCommandLineW
CloseHandle
GetLastError
CreateMutexW
Sleep
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetStartupInfoW

user32

ShowWindow
IsIconic
SendMessageW
FindWindowW
SetForegroundWindow

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_terminate
memcpy
memset
__C_specific_handler
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memmove
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_narrow_winmain_command_line
_set_app_type
terminate
_seh_filter_exe
_cexit
exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5ea892b6988dc36b166201d455eea6d

Code Sign

0c:95:84:df:83:bb:93:85:11:e3:d7:ae:5f:97:16:95Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c5:c2:2a:33:ba:5f:4f:c8:1b:09:59:cd:66:03:36:8e:f0:09:f0:c5:9f:2b:c4:a8:7f:06:b0:61:5b:3c:9e:2fSigner

Signature Validations

Verification

13/02/2020, 18:03 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

dvacore

aubackend

auui

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 684B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

0c:95:84:df:83:bb:93:85:11:e3:d7:ae:5f:97:16:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c5:c2:2a:33:ba:5f:4f:c8:1b:09:59:cd:66:03:36:8e:f0:09:f0:c5:9f:2b:c4:a8:7f:06:b0:61:5b:3c:9e:2f
Signer

13/02/2020, 18:03
Valid: true

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 684B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB