| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Jun-20 13:39:22 |
| Detected languages | English - United States |
| Debug artifacts | Set-up.pdb |
| CompanyName | Adobe Inc. |
| FileDescription | Adobe Installer |
| FileVersion | 5.2.0.436 |
| InternalName | Adobe Installer |
| LegalCopyright | © 2020 Adobe. All rights reserved. |
| OriginalFilename | Adobe Installer |
| ProductName | Adobe Installer |
| ProductVersion | 5.2.0.436 |

| Level | Check | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0 MASM/TASM - sig2(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Looks for Qemu presence: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses known Mersenne Twister constants; Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Malicious | The PE's digital signature is invalid. | Signer: Adobe Inc. Issuer: DigiCert EV Code Signing CA (SHA2). The file was modified after it was signed. |
| Safe | VirusTotal score: 0/69 (Scanned on 2022-07-11 22:06:24) | All the AVs think this file is safe. |
| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x138 |
| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2020-Jun-20 13:39:22 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x36ac00 |
| SizeOfInitializedData | 0x3d9e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x002C9BEB (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x36c000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x749000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x74f159 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Library | Imported functions |
|---|---|
| COMCTL32.dll | InitCommonControlsEx |
| SHLWAPI.dll | PathRemoveBackslashW PathIsNetworkPathW PathIsUNCW PathStripPathW UrlIsW SHGetValueW UrlEscapeW PathFindFileNameW PathRemoveFileSpecW PathRemoveExtensionW PathFileExistsW PathAddExtensionW PathIsFileSpecW PathAppendW PathIsDirectoryW PathRenameExtensionW PathIsSystemFolderW PathFileExistsA PathIsRelativeW PathIsRootW PathAddBackslashW PathStripToRootW |
| SHELL32.dll | SHGetKnownFolderPath #51 ShellExecuteW ShellExecuteExW SHGetSpecialFolderLocation SHCreateDirectoryExW SHGetSpecialFolderPathW #680 SHGetMalloc SHGetFolderLocation SHGetPathFromIDListW SHGetFolderPathW CommandLineToArgvW SHBrowseForFolderW |
| KERNEL32.dll | FindNextFileW WaitForMultipleObjects CreateFileW CreateEventW SetEvent ResetEvent GetOverlappedResult ReadDirectoryChangesW MultiByteToWideChar WideCharToMultiByte GetFileSizeEx FindClose GetFileAttributesW SetFileAttributesW DeleteFileW GetLocalTime GetTimeFormatW GetDateFormatW GetCurrentProcess DeviceIoControl GetTempPathW GetVersionExW GetComputerNameExW FileTimeToSystemTime GetNativeSystemInfo RaiseException LoadLibraryW GetProcAddress CreateProcessW GetModuleHandleW FreeLibrary InitializeCriticalSectionEx DecodePointer MulDiv GetModuleFileNameW TerminateProcess RemoveDirectoryW OpenProcess CreateToolhelp32Snapshot Sleep Process32NextW Process32FirstW CopyFileW GetExitCodeProcess ReadFile SetLastError lstrlenW LocalAlloc GetDiskFreeSpaceExW GetCurrentDirectoryW SetCurrentDirectoryW MoveFileExW GetFileSize lstrcpyW lstrcmpiW lstrcmpW GetDriveTypeW GetFullPathNameW HeapSize HeapReAlloc HeapDestroy GlobalAlloc GlobalLock GlobalUnlock GetSystemDirectoryW SetDllDirectoryW GetStdHandle AttachConsole FreeConsole GetConsoleWindow AreFileApisANSI TryEnterCriticalSection HeapCreate WriteFile GetDiskFreeSpaceW OutputDebugStringA LockFile SetFilePointer LeaveCriticalSection SetEndOfFile UnlockFileEx UnmapViewOfFile HeapValidate GetTempPathA GetDiskFreeSpaceA GetFileAttributesA GetFileAttributesExW OutputDebugStringW FlushViewOfFile CreateFileA LoadLibraryA WaitForSingleObjectEx GetVersionExA DeleteFileA GetSystemInfo HeapCompact UnlockFile CreateFileMappingA LockFileEx SystemTimeToFileTime GetSystemTimeAsFileTime GetSystemTime FormatMessageA CreateFileMappingW MapViewOfFile QueryPerformanceCounter GetTickCount FlushFileBuffers SizeofResource LockResource LoadResource FindResourceW GlobalFree VerSetConditionMask FindFirstFileW GetUserDefaultLCID LCMapStringW DuplicateHandle ProcessIdToSessionId TerminateThread CreateThread FindResourceExW GetThreadTimes QueryFullProcessImageNameW GetUserDefaultLangID GetUserDefaultUILanguage SetNamedPipeHandleState CreateNamedPipeW ConnectNamedPipe CreateDirectoryW SetFileTime LocalFileTimeToFileTime DosDateTimeToFileTime GetFileTime ReleaseSemaphore OpenSemaphoreW CreateSemaphoreW GetTimeZoneInformation QueryPerformanceFrequency GetCurrentThread SetFilePointerEx ResumeThread EnterCriticalSection SetUnhandledExceptionFilter UnhandledExceptionFilter GetLocaleInfoW CompareStringW GetCPInfo EncodePointer TlsFree TlsSetValue TlsGetValue TlsAlloc InitializeCriticalSectionAndSpinCount GetStringTypeW SwitchToThread GetModuleHandleExW QueueUserWorkItem IsProcessorFeaturePresent LoadLibraryExA VirtualQuery VirtualProtect GetCurrentProcessId GetCurrentThreadId OpenMutexW CloseHandle ReleaseMutex WaitForSingleObject CreateMutexW GetProcessHeap HeapAlloc HeapFree LocalFree GetLastError FormatMessageW InitializeSListHead IsDebuggerPresent GetStartupInfoW InterlockedPopEntrySList InterlockedPushEntrySList FlushInstructionCache VirtualAlloc VirtualFree CreateTimerQueue SignalObjectAndWait SetThreadPriority GetThreadPriority GetLogicalProcessorInformation CreateTimerQueueTimer ChangeTimerQueueTimer DeleteTimerQueueTimer GetNumaHighestNodeNumber GetProcessAffinityMask SetThreadAffinityMask RegisterWaitForSingleObject UnregisterWait FreeLibraryAndExitThread DeleteCriticalSection GetModuleHandleA LoadLibraryExW InterlockedFlushSList QueryDepthSList UnregisterWaitEx RtlUnwind ExitThread GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime SetStdHandle WriteConsoleW ExitProcess GetConsoleCP GetConsoleMode IsValidLocale EnumSystemLocalesW ReadConsoleW FindFirstFileExW IsValidCodePage GetACP VerifyVersionInfoW GetOEMCP GetCommandLineA GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW InitializeCriticalSection SetEnvironmentVariableW GetFullPathNameA |
| USER32.dll | CharNextW BringWindowToTop TranslateAcceleratorW GetClassNameW SetCapture GetDlgItem GetParent RegisterWindowMessageW GetForegroundWindow GetSysColor AttachThreadInput IsChild DestroyAcceleratorTable ClientToScreen RedrawWindow InvalidateRgn IsWindow SetWindowTextW ScreenToClient FillRect GetFocus GetWindow ReleaseCapture SetForegroundWindow InvalidateRect IsIconic BeginPaint EndPaint GetWindowTextW GetSystemMetrics GetWindowLongW GetMessageW DefWindowProcW CreateAcceleratorTableW DestroyWindow SetWindowPos CreateWindowExW SendMessageW MoveWindow SetFocus CallWindowProcW GetWindowTextLengthW GetWindowThreadProcessId wsprintfW PostThreadMessageW RegisterClassExW GetActiveWindow DispatchMessageW TranslateMessage LoadCursorW SetWindowLongW PostQuitMessage GetDesktopWindow GetClassInfoExW GetDC MessageBoxW ShowWindow GetAsyncKeyState ReleaseDC PostMessageW UnregisterClassW GetClientRect EnumWindows GetShellWindow AllowSetForegroundWindow LoadImageW SystemParametersInfoW EnableMenuItem LoadIconW GetSystemMenu GetClassLongW AppendMenuW SetClassLongW GetWindowRect |
| GDI32.dll | CreateCompatibleDC GetStockObject GetDeviceCaps GetObjectW DeleteObject CreateSolidBrush DeleteDC SelectObject CreateCompatibleBitmap BitBlt |
| ADVAPI32.dll | LookupAccountSidW SetEntriesInAclW SetNamedSecurityInfoW GetNamedSecurityInfoW CreateWellKnownSid LookupPrivilegeValueW AdjustTokenPrivileges OpenProcessToken RegFlushKey RegCloseKey RegDeleteKeyExW RegCreateKeyExW RegSetValueExW RegOpenKeyExW RegEnumValueW EqualSid InitializeSecurityDescriptor FreeSid AllocateAndInitializeSid SetSecurityDescriptorDacl DuplicateTokenEx ConvertSidToStringSidW ImpersonateLoggedOnUser ConvertStringSidToSidW RevertToSelf CryptReleaseContext CryptGetHashParam CryptDestroyHash CryptHashData CryptCreateHash CryptAcquireContextW RegQueryValueExW CredDeleteW CredFree CredEnumerateW CredReadW CredWriteW GetUserNameW GetTokenInformation |
| ole32.dll | CoCreateGuid CoAddRefServerProcess OleRun CoUninitialize CoInitialize CLSIDFromString CreateStreamOnHGlobal CLSIDFromProgID CoGetClassObject CoCreateInstance StringFromGUID2 OleInitialize OleUninitialize OleLockRunning CoTaskMemAlloc CoTaskMemFree CoReleaseServerProcess |
| OLEAUT32.dll | VariantChangeType SysAllocStringLen SysStringLen SysFreeString VariantInit SysAllocString OleCreateFontIndirect LoadTypeLib LoadRegTypeLib SysAllocStringByteLen VariantCopy SysStringByteLen DispCallFunc GetErrorInfo VariantClear |
| bcrypt.dll | BCryptCloseAlgorithmProvider BCryptVerifySignature BCryptGenerateSymmetricKey BCryptSetProperty BCryptDecrypt BCryptDestroyKey BCryptEncrypt BCryptDestroyHash BCryptOpenAlgorithmProvider BCryptCreateHash BCryptHashData BCryptFinishHash BCryptGetProperty |
| CRYPT32.dll | CertGetNameStringW CertGetIssuerCertificateFromStore CryptProtectData CryptUnprotectData CryptStringToBinaryW CertOpenStore CertFindCertificateInStore CertFreeCertificateContext CertCreateCertificateContext CryptHashCertificate2 CryptImportPublicKeyInfoEx2 CertCloseStore CertAddCertificateContextToStore CertVerifySubjectCertificateContext |
| Secur32.dll | GetUserNameExW |
| WINTRUST.dll | WTHelperProvDataFromStateData WTHelperGetProvCertFromChain WinVerifyTrust WTHelperGetProvSignerFromChain |
| WININET.dll (delay-loaded) | InternetCanonicalizeUrlW |
| Field | Value |
|---|---|
| Attributes | 0x1 |
| Name | WININET.dll |
| ModuleHandle | 0x470ab0 |
| DelayImportAddressTable | 0x470a84 |
| DelayImportNameTable | 0x44b3d8 |
| BoundDelayImportTable | 0x44b684 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |
| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 5.2.0.436 |
| ProductVersion | 5.2.0.436 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | English - United States |
| CompanyName | Adobe Inc. |
| FileDescription | Adobe Installer |
| FileVersion (#2) | 5.2.0.436 |
| InternalName | Adobe Installer |
| LegalCopyright | © 2020 Adobe. All rights reserved. |
| OriginalFilename | Adobe Installer |
| ProductName | Adobe Installer |
| ProductVersion (#2) | 5.2.0.436 |
| Resource LangID | English - United States |
| Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|
| 0 | 2020-Jun-20 13:39:22 | 0.0 | 35 | 0x4199a0 | 0x4189a0 | Set-up.pdb |
| 0 | 2020-Jun-20 13:39:22 | 0.0 | 20 | 0x4199c4 | 0x4189c4 | |
| 0 | 2020-Jun-20 13:39:22 | 0.0 | 1092 | 0x4199d8 | 0x4189d8 | |
| 0 | 2020-Jun-20 13:39:22 | 0.0 | 0 | 0 | 0 | |
| Field | Value |
|---|---|
| StartAddressOfRawData | 0x819e2c |
| EndAddressOfRawData | 0x819e34 |
| AddressOfIndex | 0x8744fc |
| AddressOfCallbacks | 0x7701f0 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Field | Value |
|---|---|
| Size | 0xa4 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x84f060 |
| SEHandlerTable | 0x817f50 |
| SEHandlerCount | 1684 |
| Rich header entry | Count |
|---|---|
| XOR Key | 0x927e7a78 |
| Unmarked objects | 0 |
| ASM objects (VS2017 v14.15 compiler 26715) | 21 |
| C++ objects (VS2017 v14.15 compiler 26715) | 221 |
| 199 (41118) | 1 |
| C objects (VS2019 Update 2 (16.2) compiler 27905) | 19 |
| ASM objects (VS2019 Update 2 (16.2) compiler 27905) | 25 |
| C++ objects (VS2019 Update 2 (16.2) compiler 27905) | 167 |
| C objects (VS2017 v14.15 compiler 26715) | 39 |
| C++ objects (28106) | 24 |
| C objects (VS2015 UPD1 build 23506) | 1 |
| C++ objects (VS2015 UPD1 build 23506) | 8 |
| C objects (CVTCIL) (VS2017 v14.15 compiler 26715) | 2 |
| Imports (VS2017 v14.15 compiler 26715) | 35 |
| Total imports | 565 |
| C++ objects (LTCG) (28106) | 331 |
| Resource objects (28106) | 1 |
| 151 | 1 |
| Linker (28106) | 1 |