SHA256: c438ac343381031cd47dd4ed966c8e86b2bcd5a1959f55c1c7d8c61920dd18bc
File name: AdbeRdr11010_en_US.exe
Detection ratio: 0 / 56
Analysis date: 2016-04-01 20:51:51 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160401
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160401
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160401
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2012 Adobe Systems Incorporated. All rights reserved.

Product Adobe Self Extractor
Original name AdobeSelfExtractor.exe
Internal name AdobeSelfExtractor.exe
File version 11.0.10.32
Description Adobe Self Extractor
Signature verification Signed file, verified signature
Signing date 10:29 AM 12/3/2014
Signers
[+] Adobe Systems, Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Symantec Class 3 Extended Validation Code Signing CA
Valid from 1:00 AM 7/17/2014
Valid to 12:59 AM 7/18/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 111AA9B0C6DA43594BB2AD3052567C12EF8D9607
Serial number 7A A3 C9 8F D9 67 40 97 2F CF 87 25 37 3F 3E 50
[+] Symantec Class 3 Extended Validation Code Signing CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 6/7/2012
Valid to 12:59 AM 6/7/2022
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint F8D2C10380EDA2774655E5619DB7D02F7D9E850A
Serial number 6C 59 EF A9 E1 00 E1 0E E3 06 BA 8F E0 29 25 59
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-03 03:13:39
Entry Point 0x0001C835
Number of sections 4
PE sections
Overlays
MD5 b32930c2b382b650d20204f8b4e29041
File type data
Offset 75851776
Size 6336
Entropy 7.32
PE imports
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
GetFileTitleW
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SelectObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
CreateFontW
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
SetEvent
GetDriveTypeA
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetFilePointer
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumResourceLanguagesW
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
CreateEventW
SetFileAttributesW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
lstrcmpA
FindNextFileW
CompareStringA
FindFirstFileW
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
WritePrivateProfileStringW
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
LoadLibraryExW
CloseHandle
GetACP
GetModuleHandleW
FreeResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
ResetEvent
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
SHGetMalloc
Ord(165)
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
GetTopWindow
GetWindowTextW
GetActiveWindow
GetMenuItemID
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
GetMenuState
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
EnableMenuItem
GetSubMenu
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
PtInRect
MapWindowPoints
RegisterWindowMessageW
IsIconic
BeginPaint
DefWindowProcW
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
DrawIcon
RemovePropW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
CreateDialogIndirectParamW
DrawTextExW
EndDialog
FindWindowW
GetCapture
GetWindowThreadProcessId
MessageBoxW
SendMessageW
SetMenu
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpW
CallWindowProcW
GetClassNameW
ModifyMenuW
GetFocus
UnhookWindowsHookEx
SetCursor
DocumentPropertiesW
ClosePrinter
OpenPrinterW
Ord(70)
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 7
RT_DIALOG 3
RT_BITMAP 3
ARCHIVE_7Z_RDC 1
ADOBE_SFX_INI 1
RT_MANIFEST 1
ARCHIVE_7Z 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 63
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
75643904

ImageVersion
0.0

ProductName
Adobe Self Extractor

FileVersionNumber
11.0.10.32

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
AdobeSelfExtractor.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
11.0.10.32

TimeStamp
2014:12:03 04:13:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AdobeSelfExtractor.exe

ProductVersion
11.0.10.32

FileDescription
Adobe Self Extractor

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright 2012 Adobe Systems Incorporated. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Adobe Systems Incorporated

CodeSize
206848

FileSubtype
0

ProductVersionNumber
11.0.10.32

EntryPoint
0x1c835

ObjectFileType
Executable application

CarbonBlack
Execution parents
Compressed bundles
File identification
MD5 31688efbc3b9c99914a5bb7fb58aec9e
SHA1 98b2b838e6c4663fefdfd341dfdc596b1eff355c
SHA256 c438ac343381031cd47dd4ed966c8e86b2bcd5a1959f55c1c7d8c61920dd18bc
ssdeep
1572864:WPdCnoKPVEOuTeWvEae6VGE6ptdMLIHV43Q3qE3CYt:WPSdUewm6YE6p/MLI1IQ3qEd

authentihash f7d4173ff5734337cceb9a153dcd5f3866fa7c4f59cc1caadaa3b10c0b5d996e
imphash 36632610a044b4b8ae589b4226d406da
File size 72.3 MB ( 75858112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2014-12-09 07:46:07 UTC ( 3 years, 11 months ago )
Last submission 2018-11-06 15:55:15 UTC ( 2 weeks, 1 day ago )
File names bitab02.tmp
bit9b6f.tmp
bitc414.tmp
f7604f27-2482-48ba-8462-95cc8db98d8f
bit3b55.tmp
adobe-reader_11010.exe
adberd~1.exe
adberdr11010_en_us.exe.irbyhy9.partial
bitba5c.tmp
bit4424.tmp
bit485e.tmp
adobe-acrobat-reader.exe
AdbeRdr11014.exe
ADBERD~1.EXE
AdbeRdr11010_en_US(1).exe
bit733c.tmp
Adobe reader.exe
bit49d5.tmp
installadobe.exe
adberdr11010-en-us.exe
bita94e.tmp
bitf6b4.tmp
bit7461.tmp
bit8a85.tmp
Adobe Reader XI 11.3.9.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight