Service_Adobe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Service_Adobe.exe
Size

216KB
MD5

e4d90231e665b8126bb32e762006f279
SHA1

72d41e1904c89626e2561d07c21215f6b75b5524
SHA256

26a529a6d37fd94fc2d93754472690a4fedd28883651ad98935185e6db3e0b5a
SHA512

155d82a15d77cd61b0ec2632a920b7efb051af83591403a510ed6eaf83ce1f9de583fc3f5004920d0b0b4012df7cb8db7f23ad35e4409dd908e60e692d13928e
SSDEEP

6144:0GzUmV0Yk5kUw5BujTE+FDEmi7Aobla5f:0GwcYZw5ZmiAob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Service_Adobe.exe

Files

Service_Adobe.exe
.exe windows:6 windows x64 arch:x64

43cc3e79ab091addb2ac1a364ac54d41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA
wsprintfW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear

ntdll

RtlInitUnicodeString
NtMapViewOfSection
NtWriteFile
NtSetInformationFile
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtOpenFile
NtCreateSection
RtlAdjustPrivilege
NtSetInformationProcess

shlwapi

PathFindFileNameW

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetTokenInformation

wininet

InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
InternetCloseHandle
InternetReadFile

shell32

SHGetFolderPathA
SHGetFolderPathW

kernel32

ReadConsoleW
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
GetLocaleInfoEx
SetStdHandle
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadFile
InitOnceExecuteOnce
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WriteConsoleW
LocalFree
InitializeCriticalSectionEx
SetEndOfFile
FreeEnvironmentStringsW
CopyFileW
GetFileType
GetModuleHandleW
GetStartupInfoW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadContext
GetTempFileNameW
GetFileSize
SetThreadContext
SetFilePointer
GetCurrentProcess
WaitForSingleObject
WriteFile
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
Wow64SetThreadContext
CloseHandle
WriteProcessMemory
ResumeThread
Wow64GetThreadContext
CreateThread
HeapAlloc
GetProcessHeap
Sleep
Process32First
CreateRemoteThread
Process32Next
CreateToolhelp32Snapshot
CreateDirectoryW
SetFileAttributesW
VirtualProtectEx
ExitProcess
FindFirstFileW
CompareFileTime
GetWindowsDirectoryA
GetProcessTimes
GetVolumeInformationA
lstrcatA
CreateDirectoryA
CopyFileA
SetFileAttributesA
FindClose
Process32FirstW
GetModuleFileNameA
Process32NextW
CreateMutexA
IsDebuggerPresent
FindNextFileW
MapViewOfFile
UnmapViewOfFile
VirtualFree
TerminateProcess
VirtualAlloc
CreateFileMappingA
ExpandEnvironmentStringsW
HeapFree
EncodePointer
DecodePointer
WideCharToMultiByte
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetCommandLineW
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetCurrentThreadId
MultiByteToWideChar
GetModuleHandleExW
GetStdHandle
HeapSize
RaiseException

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43cc3e79ab091addb2ac1a364ac54d41

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

oleaut32

ntdll

shlwapi

advapi32

wininet

shell32

kernel32

Sections

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 9KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB