Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2025-Apr-02 08:59:56 |
Detected languages | English - United States |
CompanyName | Developer Tools |
FileDescription | Adobe Integration Management Utility - System configuration tool |
FileVersion | 1.0.0.0 |
InternalName | DirtyAdobePatch.exe |
LegalCopyright | Copyright (C) 2023 |
OriginalFilename | DirtyAdobePatch.exe |
ProductName | Adobe Integration Manager |
ProductVersion | 1.0.0.0 |
Comments | This utility configures system settings for Adobe products. |
LegalTrademarks | This program follows Windows application development best practices. |
Info | Matching compiler(s): | MASM/TASM - sig1(h) |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | The program tries to mislead users about its origins. | The PE pretends to be from Adobe but is not signed! |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2025-Apr-02 08:59:56 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x2cc00 |
SizeOfInitializedData | 0x34600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000002B21C (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x64000 |
SizeOfHeaders | 0x400 |
Checksum | 0x62dd5 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetExitCodeProcess CreateProcessW GetModuleHandleW GetProcAddress LoadLibraryW MultiByteToWideChar GetCurrentProcess GetConsoleMode SetConsoleMode SetConsoleCP SetConsoleOutputCP GetConsoleScreenBufferInfo SetConsoleTextAttribute GetSystemTimeAsFileTime WaitForSingleObject GetLastError CloseHandle WideCharToMultiByte GetStdHandle GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter TerminateProcess IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter IsDebuggerPresent RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext GetFileInformationByHandleEx CopyFileW AreFileApisANSI GetFileInformationByHandle GetFileAttributesExW FindNextFileW FindFirstFileExW FindFirstFileW FindClose CreateFileW GetLocaleInfoEx FormatMessageA LocalFree InitializeSListHead |
---|---|
ADVAPI32.dll | RegOpenKeyExW RegEnumKeyExW RegCloseKey RegQueryValueExW |
MSVCP140.dll |
VCRUNTIME140.dll | memcmp memchr __current_exception __current_exception_context __C_specific_handler memcpy memmove __std_exception_destroy __std_exception_copy memset _CxxThrowException |
VCRUNTIME140_1.dll | __CxxFrameHandler4 |
api-ms-win-crt-runtime-l1-1-0.dll | abort _get_initial_narrow_environment _c_exit _initterm _initterm_e __p___argv terminate __p___argc _configure_narrow_argv _initialize_narrow_environment _invalid_parameter_noinfo_noreturn _initialize_onexit_table exit _register_onexit_function _crt_atexit _register_thread_local_exe_atexit_callback _seh_filter_exe _cexit _exit _set_app_type |
api-ms-win-crt-string-l1-1-0.dll | strcmp strlen wcslen towlower iswalnum |
api-ms-win-crt-stdio-l1-1-0.dll | _isatty fclose fflush fgetc fgetpos fputc fread fsetpos _fseeki64 fwrite setvbuf ungetc _get_stream_buffer_pointers __p__commode _set_fmode _fileno __acrt_iob_func |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr ceilf |
api-ms-win-crt-heap-l1-1-0.dll | free malloc _callnewh _set_new_mode |
api-ms-win-crt-environment-l1-1-0.dll | _wdupenv_s _wputenv_s |
api-ms-win-crt-filesystem-l1-1-0.dll | _lock_file _unlock_file |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale ___lc_codepage_func |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Developer Tools |
FileDescription | Adobe Integration Management Utility - System configuration tool |
FileVersion (#2) | 1.0.0.0 |
InternalName | DirtyAdobePatch.exe |
LegalCopyright | Copyright (C) 2023 |
OriginalFilename | DirtyAdobePatch.exe |
ProductName | Adobe Integration Manager |
ProductVersion (#2) | 1.0.0.0 |
Comments | This utility configures system settings for Adobe products. |
LegalTrademarks | This program follows Windows application development best practices. |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2025-Apr-02 08:59:56 |
Version | 0.0 |
SizeofData | 800 |
AddressOfRawData | 0x3633c |
PointerToRawData | 0x3533c |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14003b040 |
XOR Key | 0x8b539f66 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 16 |
ASM objects (34321) | 4 |
C objects (34321) | 10 |
C++ objects (34321) | 33 |
Imports (34321) | 6 |
Imports (30795) | 5 |
Total imports | 247 |
C++ objects (34618) | 1 |
Resource objects (34618) | 1 |
Linker (34618) | 1 |