Adobe CEF Helper[.]exe

Resubmissions

12/10/2023, 18:43

231012-xczdhsgd5s 1

12/10/2023, 18:39

231012-xaz72agc3w 1

Sharing

Copy URL Twitter E-mail

General

Target

Adobe CEF Helper.exe
Size

1.1MB
MD5

613621a5cc8fe457349e11d96f1ba647
SHA1

4b79016d11910e2a59b18275c786682e423be4b4
SHA256

0242c885027836e924a8f8aa69d01714f8c6158c91d5b67e5e4879a7e55f0d1d
SHA512

14b8f330d7f4242426f25c0323b04ae9b1368ca7fa515dd48f4647909fafbef9c931cdd97505af8097ffeef4668fc3f0d38f3e447dd45a3ed117afb152224133
SSDEEP

24576:kTD5rreyghD3G7iiHmEqh+zS1MlEIrTlKTeqVwP7F:kP0ysD3Mg++1MlRrTlKT1ih

Score

1^/10

Malware Config

Signatures

Files

Adobe CEF Helper.exe
.exe windows:6 windows x64

975b001bfc929ef9c44967ef878d0c44

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:1b:f6:10:0b:71:8a:fd:7d:73:1e:73:02:c2:4b:32:d3:14:d9:91:67:cf:2f:5c:13:ba:f7:62:95:8e:43
Signer

Actual PE Digest

62:1d:1b:f6:10:0b:71:8a:fd:7d:73:1e:73:02:c2:4b:32:d3:14:d9:91:67:cf:2f:5c:13:ba:f7:62:95:8e:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcef

cef_api_hash
cef_v8context_get_current_context
cef_process_message_create
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_map_alloc
cef_string_map_free
cef_string_multimap_alloc
cef_string_multimap_free
cef_execute_process
cef_register_extension
cef_post_task
cef_currently_on
cef_v8value_create_array
cef_string_list_free
cef_string_utf16_clear
cef_v8value_create_string
cef_string_list_alloc
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_string_list_size
cef_v8value_create_null
cef_log
cef_list_value_create
cef_string_userfree_utf16_free
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_utf16_cmp
cef_string_utf8_to_utf16

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpCloseHandle

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
SetDllDirectoryW
SetLastError
MultiByteToWideChar
ReadFile
FindFirstFileW
FindNextFileW
WriteFile
GetModuleFileNameW
GetTempPathW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
lstrcmpW
FlushFileBuffers
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
HeapFree
GetCurrentProcess
TerminateProcess
WaitForSingleObject
IsDebuggerPresent
HeapSize
CreateToolhelp32Snapshot
CreateEventW
GetSystemTimeAsFileTime
Process32NextW
SetEvent
Process32FirstW
GlobalFree
HeapReAlloc
CreateThread
ResetEvent
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
lstrcpyW
lstrcmpiW
GetFileSizeEx
LoadLibraryW
WaitForMultipleObjects
FreeLibrary
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetUserDefaultLangID
GetUserDefaultLCID
LCMapStringW
GetUserDefaultUILanguage
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
GetStartupInfoW
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
GetStringTypeW
EncodePointer
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
GetLocaleInfoW
GetCPInfo
OutputDebugStringW
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
GetFileType
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
FindFirstFileExW
ProcessIdToSessionId
RtlUnwind
WriteConsoleW
IsValidCodePage

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
ConvertStringSidToSidW
ImpersonateLoggedOnUser
OpenProcessToken
GetUserNameW
LookupAccountSidW

shell32

ord680
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW

ole32

StringFromGUID2
CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
OleRun

oleaut32

SysAllocString
VariantCopy
SysStringLen
VariantClear
VariantInit
GetErrorInfo
SysFreeString

shlwapi

PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW

crypt32

CertGetIssuerCertificateFromStore
CertGetNameStringW

Sections

.text
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

975b001bfc929ef9c44967ef878d0c44

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

62:1d:1b:f6:10:0b:71:8a:fd:7d:73:1e:73:02:c2:4b:32:d3:14:d9:91:67:cf:2f:5c:13:ba:f7:62:95:8e:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

libcef

version

psapi

wtsapi32

winhttp

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

Sections

.text Size: 748KB - Virtual size: 748KB

.rdata Size: 275KB - Virtual size: 274KB

.data Size: 16KB - Virtual size: 26KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 54KB - Virtual size: 54KB

.reloc Size: 10KB - Virtual size: 10KB

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

62:1d:1b:f6:10:0b:71:8a:fd:7d:73:1e:73:02:c2:4b:32:d3:14:d9:91:67:cf:2f:5c:13:ba:f7:62:95:8e:43
Signer

.text
Size: 748KB - Virtual size: 748KB

.rdata
Size: 275KB - Virtual size: 274KB

.data
Size: 16KB - Virtual size: 26KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 10KB - Virtual size: 10KB