Adobe Premiere Pro[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Adobe Premiere Pro.exe
Size

1.6MB
MD5

ab5e77e28791f6ee4a7e947fa358934d
SHA1

e46626d9f29228d1faaffc7a3732559847135073
SHA256

f1a7439bc29509a8d25bd7965c56c5524476b17634e7f3d03fd4747ff3e0394e
SHA512

51c22c8f875a5a4188728ef2535a0cbafbe91f5c832446d786103ef4333da65bc1de73febeeb2a68fd505bbaca50442e691434840679fdd74ef526ceb8b38737
SSDEEP

6144:w2pvR90QDReYtOwa8R40NTT850CK3NBtC8Lhvfzrl74PaXHsl9q+q:xp8QbtwcNUGCK9TVhvLrl74P5lM+q

Score

1^/10

Malware Config

Signatures

Files

Adobe Premiere Pro.exe
.exe windows:6 windows x64

7dcfb73a389bf82cf8b0e5f7cc5a6e14

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a6:10:36:bc:17:2e:7a:f6:30:74:ac:2c:dc:27:00
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/11/2015, 00:00

Not After

28/10/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Premiere Pro\, AME\, After Effects\, Speedgrade,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:b2:0f:aa:b4:e9:f0:0f:75:dd:d8:9c:1f:20:23:e1:40:4e:bc:15:39:39:d9:e2:cb:d0:77:e1:a8:f8:e9:25
Signer

Actual PE Digest

7f:b2:0f:aa:b4:e9:f0:0f:75:dd:d8:9c:1f:20:23:e1:40:4e:bc:15:39:39:d9:e2:cb:d0:77:e1:a8:f8:e9:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

prm

?Initialize@PRM@@YAXW4ApplicationType@1@PEBD111_N@Z

aslfoundation

?Create@Module@ASL@@SAHPEAUHINSTANCE__@@AEAV?$ObjectPtr@VModule@ASL@@VAtomicValue@2@@2@@Z
?Allocate@Allocator@ASL@@SAPEAX_K@Z
?Dispose@Allocator@ASL@@SAXPEAX_K@Z

frontend

?Run@FE@@YAHAEBV?$ObjectPtr@VModule@ASL@@VAtomicValue@2@@ASL@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@H@Z

dvacore

?FullPath@File@filesupport@dvacore@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@XZ
?AsciiToUTF16@utility@dvacore@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@PEBD_K@Z
?Dispose@SmallBlockAllocator@utility@dvacore@@YAXPEAX_K@Z
?Allocate@SmallBlockAllocator@utility@dvacore@@YAPEAX_K@Z
??1File@filesupport@dvacore@@QEAA@XZ
?MainExecutableFile@commondirs@filesupport@dvacore@@YA?AVFile@23@XZ

kernel32

OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetStartupInfoW
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetEvent
ResetEvent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
IsDebuggerPresent

user32

UnregisterClassW

oleaut32

SysFreeString

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
__std_type_info_destroy_list
memset
__std_terminate

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_recalloc

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_get_wide_winmain_command_line
_initialize_wide_environment
_exit
_initialize_onexit_table
_initterm
terminate
_configure_wide_argv
_errno
_invalid_parameter_noinfo
exit
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dcfb73a389bf82cf8b0e5f7cc5a6e14

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

6e:a6:10:36:bc:17:2e:7a:f6:30:74:ac:2c:dc:27:00Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

7f:b2:0f:aa:b4:e9:f0:0f:75:dd:d8:9c:1f:20:23:e1:40:4e:bc:15:39:39:d9:e2:cb:d0:77:e1:a8:f8:e9:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

prm

aslfoundation

frontend

dvacore

kernel32

user32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 44B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

6e:a6:10:36:bc:17:2e:7a:f6:30:74:ac:2c:dc:27:00
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

7f:b2:0f:aa:b4:e9:f0:0f:75:dd:d8:9c:1f:20:23:e1:40:4e:bc:15:39:39:d9:e2:cb:d0:77:e1:a8:f8:e9:25
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 44B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB