acrordrdc1901220036_en_us[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

acrordrdc1901220036_en_us.exe
Size

166.7MB
MD5

88dede1f7d09153ec53f022f1a638c16
SHA1

f5cd6a58f90c2e5cc076c36ae5ee0aa5bb1936b3
SHA256

8949ebd986098507321a9dc99e2067155595f13e70d6d7106dc0e51b6ee6e945
SHA512

8f42575d3d2ea70d984659451606e5bc6f422d3c3c32e7ed00cb33bfc5995430c614b53bc9f191fe59f40a94ff8be6f7bac94387fa58e9ed59bffebc16482c2a
SSDEEP

3145728:C1gtlGinFYtP8TssvcHhXKkbIRrYyRksEwtG+HHH4i43kpLMxBoAG1rt4hd0C:CKlLFYaYHWresP1nf1ES51rt

Score

1^/10

Malware Config

Signatures

Files

acrordrdc1901220036_en_us.exe
.exe windows:5 windows x86

e2447aa2e691625bbd383d389ae91c76

Code Sign

0e:e3:f1:c8:f4:51:cb:f2:12:03:34:1a:53:f2:3e:71
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:1f:6f:60:44:a5:59:ad:bb:a0:05:93:18:8a:2c:f2:0e:cc:6d:fc:41:22:f7:05:71:3e:7a:7c:9e:66:16:c8
Signer

Actual PE Digest

eb:1f:6f:60:44:a5:59:ad:bb:a0:05:93:18:8a:2c:f2:0e:cc:6d:fc:41:22:f7:05:71:3e:7a:7c:9e:66:16:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
FindNextFileW
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
LoadLibraryExA
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
SetEnvironmentVariableW
RtlUnwind
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GlobalFindAtomW
GetFileType
HeapQueryInformation
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetDriveTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
LCMapStringW
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
FreeResource
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SuspendThread
SetThreadPriority
LoadLibraryA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetACP
lstrlenW
GetVolumeInformationW
WideCharToMultiByte
CreateThread
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
SetFileTime
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
SetLastError
MoveFileW
GetUserDefaultUILanguage
RemoveDirectoryW
SetFileAttributesW
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
GetPrivateProfileStringW
SetEvent
Sleep
WaitForSingleObject
ResetEvent
CreateEventW
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetVersionExW
GetTempPathW
DeleteFileW
GetCommandLineW
LocalFree
FormatMessageW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileAttributesW
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
GetSystemWindowsDirectoryW
SetStdHandle
SetDllDirectoryW

user32

RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
DestroyMenu
InvalidateRect
KillTimer
SetTimer
MessageBoxW
GetSystemMetrics
PostMessageW
LoadIconW
SendMessageW
IsIconic
GetClientRect
DrawIcon
IsWindow
EnableWindow
UnregisterClassW
GetDlgItem
SetWindowTextW
FindWindowW
SendDlgItemMessageA
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
PostQuitMessage
ShowWindow
SetWindowPos
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetTextColor
SetMapMode
GetObjectW
SetBkColor
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap
GetDeviceCaps
CreateFontIndirectW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ord165
ShellExecuteW
SHBrowseForFolderW

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166.4MB - Virtual size: 166.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2447aa2e691625bbd383d389ae91c76

Code Sign

0e:e3:f1:c8:f4:51:cb:f2:12:03:34:1a:53:f2:3e:71Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

eb:1f:6f:60:44:a5:59:ad:bb:a0:05:93:18:8a:2c:f2:0e:cc:6d:fc:41:22:f7:05:71:3e:7a:7c:9e:66:16:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 9KB - Virtual size: 33KB

.rsrc Size: 166.4MB - Virtual size: 166.4MB

0e:e3:f1:c8:f4:51:cb:f2:12:03:34:1a:53:f2:3e:71
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

eb:1f:6f:60:44:a5:59:ad:bb:a0:05:93:18:8a:2c:f2:0e:cc:6d:fc:41:22:f7:05:71:3e:7a:7c:9e:66:16:c8
Signer

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 9KB - Virtual size: 33KB

.rsrc
Size: 166.4MB - Virtual size: 166.4MB