File name: Illustrator_Set-Up.exe

Full analysis: https://app.any.run/tasks/bb921bb3-0190-4266-ad98-12e85d41e5bd
Verdict: Malicious activity
Analysis date: February 14, 2024, 19:01:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 72C200FAC125978E326F7FB3F62BCC7E
SHA1: 8C132CD38CDF7B39741739B6E83E68CA68524962
SHA256: 230BDF5ECCB4A0377EF7DADA98F2533996CB176C0A3BA54DA85E712449ADA829
SSDEEP: 98304:iTIUnGf1F/uxcIFbI6L88CdL9i9miV9qA0ROGmfY4bXoVoxX9/AIfbxiw7m+BaYq:yb7fRF4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Illustrator_Set-Up.exe (PID: 3288)
  • SUSPICIOUS

    • Changes Internet Explorer settings (feature browser emulation)

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads Microsoft Outlook installation path

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads security settings of Internet Explorer

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the Internet Settings

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads settings of System Certificates

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads Internet Explorer settings

      • Illustrator_Set-Up.exe (PID: 3288)
  • INFO

    • Reads the computer name

      • Illustrator_Set-Up.exe (PID: 3288)
    • Checks proxy server information

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the machine GUID from the registry

      • Illustrator_Set-Up.exe (PID: 3288)
    • Creates files in a temporary directory

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads CPU info

      • Illustrator_Set-Up.exe (PID: 3288)
    • Creates files or folders in the user directory

      • Illustrator_Set-Up.exe (PID: 3288)
    • Process checks whether UAC notifications are on

      • Illustrator_Set-Up.exe (PID: 3288)
    • Checks supported languages

      • Illustrator_Set-Up.exe (PID: 3288)
    • Reads the software policy settings

      • Illustrator_Set-Up.exe (PID: 3288)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:01:22 07:25:40+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 3104768
InitializedDataSize: 45056
UninitializedDataSize: 7090176
EntryPoint: 0x9b9290
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.12.0.23
ProductVersionNumber: 2.12.0.23
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.12.0.23
InternalName: Adobe Installer
LegalCopyright: © 2015-2023 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.12.0.23
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start illustrator_set-up.exe

Process information

PID: 3288
CMD: "C:\Users\admin\AppData\Local\Temp\Illustrator_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Illustrator_Set-Up.exe
Indicators: (none shown)
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Exit code: 0
Version: 2.12.0.23
Modules
Images
c:\users\admin\appdata\local\temp\illustrator_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
Total events: 7 060
Read events: 7 032
Write events: 26
Delete events: 2

Modification events

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: Illustrator_Set-Up.exe
Value: 11001

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3288) Illustrator_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:
Executable files: 0
Suspicious files: 7
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\979515dc-0f27-4c26-99b6-3ed2b66cbf73 |
  MD5:
  SHA256:

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\080db2fd-216d-40d5-b98d-c2e8c4858ad5 |
  MD5:
  SHA256:

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log | text
  MD5: F3B25701FE362EC84616A93A45CE9998
  SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{B5658BCF-D0B0-45CB-A9D4-1B7A60766BA4}\index.html | html
  MD5: A28AB17B18FF254173DFEEF03245EFD0
  SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest | binary
  MD5: 45971D4E3A47775BB5A7260BB5EA3C36
  SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\datF0BA.tmp | woff
  MD5: D070306A9062178AFDFA98FCC06D2525
  SHA256: 8F5CCDFD3DA9185D4AD262EC386EBB64B3EB6C0521EC5BD1662CEC04E1E0F895

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest | binary
  MD5: 45971D4E3A47775BB5A7260BB5EA3C36
  SHA256: 81C611F35BFF79491538B2F7CF201C7597A661A5C549633541C62BDC8AF1613F

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\datF0A9.tmp | woff
  MD5: FA794EC12D353C26805FF53821331FC2
  SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid | text
  MD5: E27A5B35A625221809414EC0C174332F
  SHA256: C2FF8E1C2060EF871F88F19D7368C872EA22999C728ED386F76E3FCC2EB3905B

3288 | Illustrator_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\datF0EB.tmp | binary
  MD5: DFCE51814CF6D2F42375F948602CD99D
  SHA256: 7A8A945586A1D21D2922CB4AED9E28D872129F6C396AC69F47EF3E32EA972BA0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3288 | Illustrator_Set-Up.exe | 34.250.67.152:443 | cc-api-data.adobe.io | AMAZON-02 | IE | unknown

DNS requests

Domain | IP | Reputation
cc-api-data.adobe.io | 34.250.67.152, 54.194.243.238, 54.195.71.107 | whitelisted

Threats

No threats detected
No debug info