AcroRd32[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AcroRd32.exe
Size

1.5MB
MD5

92cbd9454fb7a42c4b0858364a759755
SHA1

8f4465f1a90ccbf8cd99a3ddf2d3468070279ec8
SHA256

c43c0929e1f9b27dac07d49b0a659e83be4cdb4dfdd709eb7e37a341cd169e87
SHA512

0267d97a331f05fae6553573508a33b1c7750ad3fa2390b4ec52c51c5c9e06e06446d31f1520620562a93c1f873534c14386051c66f1083c5c7d0bb7046209ff
SSDEEP

24576:Dfw7v3yMbTUOvxw9oKNn7UPnWSqvZJZhIyE76xMD4Yr18/cnUn4O8b8ITDnlHHF:s7v3yMn84WZZJZhIyEmMDnr6n4O8b8ID

Score

1^/10

Malware Config

Signatures

Files

AcroRd32.exe
.exe windows:5 windows x86 arch:x86

d4de6f9b56437887edb21cc7900b66eb

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:44:f4:e3:81:f6:31:ab:7b:fa:66:ad:de:27:87:f9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/06/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=Acrobat 11,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:24:9c:f4:7b:d1:2e:a5:ff:7c:32:30:ab:bf:a7:b0:3d:bb:5e:9d
Signer

Actual PE Digest

fe:24:9c:f4:7b:d1:2e:a5:ff:7c:32:30:ab:bf:a7:b0:3d:bb:5e:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AcroRd32Exe.pdb

Imports

kernel32

OpenProcess
LockResource
FindResourceExW
GetProcessHeap
HeapSetInformation
CreateSemaphoreW
ReleaseSemaphore
GetTempPathW
AddAtomW
SetErrorMode
GetSystemTimeAsFileTime
MulDiv
GlobalFree
GlobalUnlock
GetCurrentDirectoryW
GlobalAlloc
GetSystemDirectoryW
FindFirstFileW
FindClose
lstrcmpW
lstrcmpA
LocalAlloc
GetCommandLineW
SetCurrentDirectoryW
SetDllDirectoryW
GetExitCodeProcess
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
lstrcmpiW
OutputDebugStringA
GetModuleFileNameW
IsProcessInJob
ProcessIdToSessionId
QueryInformationJobObject
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetTickCount
GetVolumeInformationW
lstrlenW
Sleep
OpenMutexW
CreateEventW
CreateNamedPipeW
ResetEvent
CreateThread
InitializeCriticalSection
GetModuleHandleW
ConnectNamedPipe
ReadFile
WriteFile
InterlockedPopEntrySList
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
DisconnectNamedPipe
CreateMutexW
GetCurrentProcess
LocalFree
DeleteCriticalSection
SetEvent
WaitForSingleObject
SetLastError
GetLastError
WaitNamedPipeW
GetCurrentProcessId
SetNamedPipeHandleState
TransactNamedPipe
CreateFileW
GetFileType
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GlobalLock
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
QueryPerformanceCounter
SetHandleCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
GetSystemInfo
VirtualAlloc
GetFullPathNameW
HeapReAlloc
GetConsoleMode
GetConsoleCP
ReleaseMutex
DeleteFileW
SetFilePointer
GetNativeSystemInfo
ExpandEnvironmentStringsW
SetInformationJobObject
GetProcessId
DuplicateHandle
CreateProcessW
GetStdHandle
TerminateProcess
ResumeThread
AssignProcessToJobObject
GetCPInfoExW
WideCharToMultiByte
GetCurrentThreadId
GetLocaleInfoW
GetLongPathNameW
WriteProcessMemory
VirtualProtectEx
TerminateThread
GetCurrentThread
QueryDosDeviceW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetDriveTypeW
GetEnvironmentVariableW
GetProfileStringW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetFileInformationByHandle
PostQueuedCompletionStatus
UnregisterWaitEx
TerminateJobObject
GetQueuedCompletionStatus
RegisterWaitForSingleObject
CreateIoCompletionPort
DebugBreak
VirtualAllocEx
VirtualQueryEx
GetThreadContext
GetStartupInfoW
SignalObjectAndWait
VirtualFree
VirtualFreeEx
CreateJobObjectW
HeapAlloc
SearchPathW
ExitThread
VirtualQuery
ReadProcessMemory
SuspendThread
WaitForMultipleObjects
GetTempFileNameW
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalAddAtomW
MoveFileExW
CreateDirectoryW
GetExitCodeThread
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
CreateDirectoryExW
FlushFileBuffers
FindNextFileW
GlobalSize
VirtualProtect
FlushInstructionCache
lstrlenA
GlobalHandle
GetStringTypeW
EncodePointer
DecodePointer
RtlUnwind
HeapFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress

user32

GetDC
ReleaseDC
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DdeDisconnect
DdeConnect
DdeCreateDataHandle
SystemParametersInfoW
PostThreadMessageW
GetThreadDesktop
GetProcessWindowStation
CloseWindowStation
GetDesktopWindow
CreateWindowStationW
CreateDesktopW
GetUserObjectInformationW
GetActiveWindow
SetTimer
GetAsyncKeyState
GetWindowInfo
UnregisterClassW
RegisterClassW
EnumChildWindows
EnableWindow
SetWindowTextW
GetRawInputDeviceList
GetRawInputDeviceInfoW
SetWindowPos
GetWindowRect
GetWindowTextLengthW
CreateIconFromResourceEx
UnhookWindowsHookEx
SetDlgItemTextW
SetWindowsHookExW
GetParent
FindWindowExW
SendDlgItemMessageW
LoadIconW
DdeClientTransaction
CloseWindow
SetActiveWindow
IsWindowEnabled
GetClipboardFormatNameA
OpenClipboard
CloseClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
GetClipboardFormatNameW
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetOpenClipboardWindow
LoadCursorW
SetFocus
GetFocus
MoveWindow
GetClientRect
UpdateWindow
GetClassInfoExW
IsChild
GetMessageW
GetSysColor
ClientToScreen
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableW
IsDialogMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
SetCursor
LoadBitmapW
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetWindowDC
PostQuitMessage
UnregisterClassA
DdeAddData
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeInitializeW
DdeUninitialize
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
FindWindowA
RegisterWindowMessageA
SetWindowLongW
ShowWindow
SetProcessWindowStation
SetThreadDesktop
OpenInputDesktop
CloseDesktop
SendNotifyMessageW
DefWindowProcW
MessageBoxW
CreateWindowExW
RegisterClassExW
RegisterWindowMessageW
PostMessageW
DestroyWindow
EnumWindows
UserHandleGrantAccess
IsWindow
SetParent
GetWindowLongW
GetWindow
GetClassNameW
GetWindowTextW
FindWindowW
SetForegroundWindow
BringWindowToTop
GetSystemMetrics
GetForegroundWindow
AllowSetForegroundWindow
EndDialog
GetDlgItem
CharNextW
DialogBoxParamW
SendMessageW
SetPropW
GetPropW
GetGUIThreadInfo
GetWindowThreadProcessId
GetClipboardViewer

advapi32

CryptGenKey
RegOpenKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA
RegCreateKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CopySid
GetLengthSid
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
AccessCheck
MapGenericMask
GetNamedSecurityInfoW
DuplicateTokenEx
OpenThreadToken
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
AddAce
GetAce
GetAclInformation
SetTokenInformation
CreateWellKnownSid
RegDisablePredefinedCache
RevertToSelf
SetThreadToken
CreateProcessAsUserW
ConvertStringSidToSidW
GetSecurityDescriptorSacl
CreateRestrictedToken
DuplicateToken
LookupPrivilegeValueW
CheckTokenMembership
SaferiIsExecutableFileType
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptDecrypt
CryptHashData
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetKeyParam
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptContextAddRef
CryptImportKey
CryptGetUserKey
CryptCreateHash

shlwapi

PathIsUNCServerShareW
ord219
PathAddBackslashW
UrlCanonicalizeW
PathCreateFromUrlW
PathIsUNCW
PathFindFileNameW
PathCanonicalizeW
PathFindExtensionW
PathIsDirectoryW
AssocQueryStringW
UrlGetPartW
PathRemoveBackslashW
PathCombineW
PathIsRelativeW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
SHDeleteKeyW
PathIsURLW
UrlIsW

Exports

Exports

AcroRd32IsBrokerProcess

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4de6f9b56437887edb21cc7900b66eb

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

37:44:f4:e3:81:f6:31:ab:7b:fa:66:ad:de:27:87:f9Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

fe:24:9c:f4:7b:d1:2e:a5:ff:7c:32:30:ab:bf:a7:b0:3d:bb:5e:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 251KB - Virtual size: 251KB

.data Size: 17KB - Virtual size: 31KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 69KB - Virtual size: 68KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

37:44:f4:e3:81:f6:31:ab:7b:fa:66:ad:de:27:87:f9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

fe:24:9c:f4:7b:d1:2e:a5:ff:7c:32:30:ab:bf:a7:b0:3d:bb:5e:9d
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 251KB - Virtual size: 251KB

.data
Size: 17KB - Virtual size: 31KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 69KB - Virtual size: 68KB