raccoon | AcroRdrDCx642300120064_en_US (1)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AcroRdrDCx642300120064_en_US (1).exe
Size

331.8MB
MD5

9c55e172c303167f802900adbfa8ffa1
SHA1

029212f3f5415a108be943c15e1343718e6c77dc
SHA256

1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e
SHA512

fd419f8151084ee59cd881e71ff4c1baf8a029a9cc2f5f27abfa7f4538e22c52bf24e25b7adfeeb0be4d15839a34c26ada7d6d1baef97a483bcc2ff80b87e838
SSDEEP

6291456:nzwRUHohZ0VHvxI0/r8tHocbZRpwAGVJcSyUOD5xtxz9TeDjnHQZA07B8:VohZTtofA6wDj/z9SeT8

Score

10^/10

raccoon

Malware Config

Extracted

Family

raccoon

rc4.plain

Signatures

Raccoon family
raccoon

Files

AcroRdrDCx642300120064_en_US (1).exe
.exe windows x86

4281c0e7bfa1da52eac152e2da943bfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29-04-2022 00:00

Not After

01-05-2024 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:4d:60:4f:bb:40:08:ba:c8:a0:c2:69:25:9b:d5:d7:86:41:54:59:3c:3e:c7:ad:16:54:96:43:e5:5c:a9:54
Signer

Actual PE Digest

81:4d:60:4f:bb:40:08:ba:c8:a0:c2:69:25:9b:d5:d7:86:41:54:59:3c:3e:c7:ad:16:54:96:43:e5:5c:a9:54

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

02-03-2023 23:44
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
VirtualProtect
GetSystemInfo
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
ExitProcess
GetStdHandle
HeapQueryInformation
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SetEnvironmentVariableW
GetDriveTypeW
GetCommandLineA
RtlUnwind
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
FindNextFileW
FileTimeToLocalFileTime
CompareStringW
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SuspendThread
SetThreadPriority
InitializeCriticalSection
LoadLibraryA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
GetACP
lstrlenW
GetVolumeInformationW
WideCharToMultiByte
CreateThread
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
SetFileTime
HeapFree
CreateDirectoryW
SetLastError
MoveFileW
GetUserDefaultUILanguage
RemoveDirectoryW
SetFileAttributesW
GetExitCodeProcess
CreateProcessW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
SetEvent
Sleep
WaitForSingleObject
ResetEvent
CreateEventW
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetVersionExW
GetTempPathW
DeleteFileW
GetCommandLineW
LocalFree
FormatMessageW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileAttributesW
GetFileSize
CloseHandle
GetLastError
CreateFileW
SetFilePointer
WriteConsoleW
WriteFile
ReadFile
SetDllDirectoryW
GetSystemWindowsDirectoryW
GetModuleHandleW
GetProcAddress
InitializeSListHead
SetCurrentDirectoryW

user32

RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
GetScrollPos
SetPropW
GetPropW
RemovePropW
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
WinHelpW
MonitorFromWindow
GetNextDlgTabItem
MessageBoxW
GetSystemMetrics
PostMessageW
LoadIconW
SendMessageW
IsIconic
GetClientRect
DrawIcon
IsWindow
EnableWindow
UnregisterClassW
GetDlgItem
SetWindowTextW
FindWindowW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
PostQuitMessage
ShowWindow
SetWindowPos
GetMonitorInfoW
LoadCursorW
DestroyMenu
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
GetCursorPos

gdi32

GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetBkColor
SetMapMode
SetTextColor
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
Escape
DeleteObject
CreateBitmap
GetDeviceCaps
DeleteDC
GetObjectW
CreateFontIndirectW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ord165
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteW
SHBrowseForFolderW

shlwapi

PathStripToRootW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 331.5MB - Virtual size: 331.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

4281c0e7bfa1da52eac152e2da943bfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

81:4d:60:4f:bb:40:08:ba:c8:a0:c2:69:25:9b:d5:d7:86:41:54:59:3c:3e:c7:ad:16:54:96:43:e5:5c:a9:54Signer

Signature Validations

Verification

02-03-2023 23:44 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 26KB

.didat Size: 512B - Virtual size: 36B

.rsrc Size: 331.5MB - Virtual size: 331.5MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

81:4d:60:4f:bb:40:08:ba:c8:a0:c2:69:25:9b:d5:d7:86:41:54:59:3c:3e:c7:ad:16:54:96:43:e5:5c:a9:54
Signer

02-03-2023 23:44
Valid: true

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 26KB

.didat
Size: 512B - Virtual size: 36B

.rsrc
Size: 331.5MB - Virtual size: 331.5MB