SHA256: 8f89ee7d1ab031359b31d752ef54da141d7797f0363a81fca9fd17a2ac844255
File name: AdbeRdr11000_ru_RU.exe
Detection ratio: 1 / 47
Analysis date: 2014-03-15 05:42:22 UTC (4 years, 8 months ago)
Antivirus Result Update date
Emsisoft Gen:Variant.Kazy.81538 (B) 20140315
Ad-Aware 20140315
Yandex 20140313
AhnLab-V3 20140314
AntiVir 20140315
Antiy-AVL 20140315
Avast 20140315
AVG 20140314
Baidu-International 20140314
BitDefender 20140315
Bkav 20140313
ByteHero 20140315
CAT-QuickHeal 20140314
ClamAV 20140315
CMC 20140313
Commtouch 20140315
Comodo 20140315
DrWeb 20140315
ESET-NOD32 20140315
F-Prot 20140315
F-Secure 20140315
Fortinet 20140315
GData 20140315
Ikarus 20140315
Jiangmin 20140315
K7AntiVirus 20140314
K7GW 20140314
Kaspersky 20140315
Kingsoft 20140315
Malwarebytes 20140315
McAfee 20140315
McAfee-GW-Edition 20140315
Microsoft 20140315
eScan 20140315
NANO-Antivirus 20140315
Norman 20140314
nProtect 20140315
Panda 20140314
Qihoo-360 20140302
Rising 20140314
Sophos AV 20140315
SUPERAntiSpyware 20140315
Symantec 20140314
TheHacker 20140314
TotalDefense 20140314
TrendMicro 20140315
TrendMicro-HouseCall 20140315
VBA32 20140314
VIPRE 20140315
ViRobot 20140315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright 2012 Adobe Systems Incorporated. All rights reserved.

Product Adobe Self Extractor
Original name AdobeSelfExtractor.exe
Internal name AdobeSelfExtractor.exe
File version 11.0.0.379
Description Adobe Self Extractor
Signature verification Signed file, verified signature
Signing date 4:49 AM 9/24/2012
Signers
[+] Adobe Systems, Incorporated
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 9/20/2012
Valid to 12:59 AM 9/21/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 70D566DF844F3E2D9AC31E518256E7B6F2DE9272
Serial number 09 AC 06 4D 05 28 17 FF 4D 79 42 EA 69 76 C3 D8
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-24 02:26:38
Entry Point 0x0001C6B3
Number of sections 4
PE sections
Overlays
MD5 e6479c87f15d3ddff60891482afcb4a5
File type data
Offset 38265856
Size 7312
Entropy 7.28
PE imports
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueW
GetFileTitleW
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SelectObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
CreateFontW
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
SetEvent
GetDriveTypeA
GetFileAttributesW
lstrcmpW
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetFilePointer
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
WaitForSingleObject
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumResourceLanguagesW
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetPrivateProfileStringW
CreateEventW
SetFileAttributesW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
RemoveDirectoryW
lstrcmpA
FindNextFileW
CompareStringA
FindFirstFileW
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
WritePrivateProfileStringW
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
LoadLibraryExW
CloseHandle
GetACP
GetModuleHandleW
FreeResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
ResetEvent
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantInit
VariantClear
SHGetMalloc
Ord(165)
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
SetActiveWindow
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetClientRect
GetTopWindow
GetWindowTextW
GetActiveWindow
GetMenuItemID
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
GetMenuState
GetMessageW
ShowWindow
SetPropW
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
GetWindowPlacement
EnableMenuItem
GetSubMenu
IsDialogMessageW
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
PtInRect
MapWindowPoints
RegisterWindowMessageW
IsIconic
BeginPaint
DefWindowProcW
GetParent
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
DrawIcon
RemovePropW
SendDlgItemMessageW
PostMessageW
CheckMenuItem
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
CreateDialogIndirectParamW
DrawTextExW
EndDialog
FindWindowW
GetCapture
GetWindowThreadProcessId
MessageBoxW
SendMessageW
SetMenu
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpW
CallWindowProcW
GetClassNameW
ModifyMenuW
GetFocus
UnhookWindowsHookEx
SetCursor
DocumentPropertiesW
ClosePrinter
OpenPrinterW
Ord(70)
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_ICON 7
RT_DIALOG 3
RT_BITMAP 3
ADOBE_SFX_INI 1
RT_MANIFEST 1
ARCHIVE_7Z 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 62
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.0.0.379
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Adobe Self Extractor
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 38058496
EntryPoint 0x1c6b3
OriginalFileName AdobeSelfExtractor.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012 Adobe Systems Incorporated. All rights reserved.
FileVersion 11.0.0.379
TimeStamp 2012:09:24 03:26:38+01:00
FileType Win32 EXE
PEType PE32
InternalName AdobeSelfExtractor.exe
ProductVersion 11.0.0.379
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Adobe Systems Incorporated
CodeSize 206336
ProductName Adobe Self Extractor
ProductVersionNumber 11.0.0.379
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Compressed bundles
File identification
MD5 257d21bd80883604adaf8951ebb6ca77
SHA1 c7d77938bb530dbd36dbe71631088a123223ebcc
SHA256 8f89ee7d1ab031359b31d752ef54da141d7797f0363a81fca9fd17a2ac844255
ssdeep 786432:r4P3+UnY5DgVif1JPrVPSkLR9O9kNwYV2GoJnQatIjKovummL:cf+URgfLpP69kNwYzo9rOIL
authentihash 3d0e29d85bc44685d2981f86dd4555bb89731db5fbf3e2cb8e82616840148798
imphash 36632610a044b4b8ae589b4226d406da
File size 36.5 MB (38273168 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (53.0%)
Win64 Executable (generic) (34.0%)
Win32 Executable (generic) (5.5%)
OS/2 Executable (generic) (2.4%)
Generic Win/DOS Executable (2.4%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2013-01-31 17:15:00 UTC (5 years, 9 months ago)
Last submission 2018-11-19 17:23:56 UTC (19 hours, 58 minutes ago)
File names AbobeReader 11.exe
Adobe Reader_11000_ru_RU.exe
Adobe Reader 11.exe
Adobe Reader XI 11.0.0.0 Rus.exe
program.exe
adberdr11000_ru_ru.exe
AdbeRdr11000_ru_RU.exe
AdobeSelfExtractor.exe
AdbeRdr11000_ru_RU.exe
Adobe Reader 11.0 Ru-32bit.exe
01.exe
Adobe Reader XI 11.0.0 Ru.exe
AdbeRdr11000_ru_RU.exe
AdbeRdr11_RU.exe
AdbeRdr11000_ru_RU .exe
Adobe_Reader_Rus_Setup.exe
AdobeReader11.exe
AdbeRdr11000_ru_RU.exe
Adobe Reader 10.exe
AdobeReader.exe
program.exe5
Adobe Reader XI.exe
install_reader11_ru_chrd_aih.exe
AdbeRdr11000_ru_RU.exe
target.exe