File name: Photoshop_Set-Up.exe

Full analysis: https://app.any.run/tasks/d179749b-24cb-4d62-8fae-944c32e24476
Verdict: Malicious activity
Analysis date: December 11, 2021, 22:56:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 10F0B1014B4EEE016B19CB573DE58926
SHA1: BD95556BD6258C2F185F2B725BFFEAD32FEE0076
SHA256: 32E3BD85CB8166DB1FF1F5C9E0D0BA6604FEB7C0EED009541D4998DF813A36C9
SSDEEP: 49152:+qmy6gSCuaUoCOpbw3n0ocq4DGSdYTLHryG6HzhgtredQWFOPJSe:g2Fu3oCOcn07dtArylLMl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Application launched itself
      • Photoshop_Set-Up.exe (PID: 3768)
    • Checks supported languages
      • Photoshop_Set-Up.exe (PID: 3768)
      • Photoshop_Set-Up.exe (PID: 3228)
    • Reads the computer name
      • Photoshop_Set-Up.exe (PID: 3768)
      • Photoshop_Set-Up.exe (PID: 3228)
    • Changes IE settings (feature browser emulation)
      • Photoshop_Set-Up.exe (PID: 3768)
    • Reads Microsoft Outlook installation path
      • Photoshop_Set-Up.exe (PID: 3768)
    • Reads Internet Explorer settings
      • Photoshop_Set-Up.exe (PID: 3768)
    • Reads Environment values
      • Photoshop_Set-Up.exe (PID: 3768)
  • INFO
    • Reads settings of System Certificates
      • Photoshop_Set-Up.exe (PID: 3768)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

ProductVersion: 5.3.5.13
ProductName: Adobe Installer
OriginalFileName: Adobe Installer
LegalCopyright: © 2015-2020 Adobe. All rights reserved.
InternalName: Adobe Installer
FileVersion: 5.3.5.13
FileDescription: Adobe Installer
CompanyName: Adobe Inc.
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Dynamic link library
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 5.3.5.13
FileVersionNumber: 5.3.5.13
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x51c9c0
UninitializedDataSize: 3284992
InitializedDataSize: 45056
CodeSize: 2072576
LinkerVersion: 14.23
PEType: PE32
TimeStamp: 2020:10:30 04:14:41+01:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 30-Oct-2020 03:14:41
Detected languages:
  • English - United States
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 5.3.5.13
InternalName: Adobe Installer
LegalCopyright: © 2015-2020 Adobe. All rights reserved.
OriginalFilename: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 5.3.5.13

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000138

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 30-Oct-2020 03:14:41
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x00322000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00323000 | 0x001FA000 | 0x001F9E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.89739
.rsrc | 0x0051D000 | 0x0000B000 | 0x0000B000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.75479

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 5.13585 | 1821 | UNKNOWN | English - United States | RT_MANIFEST
2 | 2.65863 | 2440 | UNKNOWN | English - United States | RT_ICON
3 | 2.56438 | 4264 | UNKNOWN | English - United States | RT_ICON
4 | 2.49896 | 9640 | UNKNOWN | English - United States | RT_ICON
5 | 2.42592 | 16936 | UNKNOWN | English - United States | RT_ICON
6 | 7.66157 | 3727 | UNKNOWN | English - United States | RT_ICON
101 | 2.79371 | 90 | UNKNOWN | English - United States | RT_GROUP_ICON
102 | 7.42379 | 837 | UNKNOWN | English - United States | PNG
103 | 7.52337 | 1533 | UNKNOWN | English - United States | PNG
104 | 7.62056 | 3081 | UNKNOWN | English - United States | PNG

Imports

KERNEL32.DLL
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> photoshop_set-up.exe -> photoshop_set-up.exe

Process information

PID: 3228
CMD: "C:\Users\admin\AppData\Local\Temp\Photoshop_Set-Up.exe" --pipename={79636F5F-F29E-4D51-AAD0-E583EDA1D7E8} --pid=3768 --locale=en_US
Path: C:\Users\admin\AppData\Local\Temp\Photoshop_Set-Up.exe
Parent process: Photoshop_Set-Up.exe
User: admin
Company: Adobe Inc.
Integrity Level: HIGH
Description: Adobe Installer
Exit code: 0
Version: 5.3.5.13
Modules (images):
  • c:\users\admin\appdata\local\temp\photoshop_set-up.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\lpk.dll

PID: 3768
CMD: "C:\Users\admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
Path: C:\Users\admin\AppData\Local\Temp\Photoshop_Set-Up.exe
Parent process: Explorer.EXE
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Exit code: 0
Version: 5.3.5.13
Modules (images):
  • c:\users\admin\appdata\local\temp\photoshop_set-up.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\shlwapi.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
Total events: 4 660
Read events: 4 632
Write events: 28
Delete events: 0

Modification events

Process | Key | Operation | Name | Value
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | write | Photoshop_Set-Up.exe | 11001
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | -
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
(3768) Photoshop_Set-Up.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US
(3768) Photoshop_Set-Up.exe | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | write | Name | Photoshop_Set-Up.exe
Executable files: 0
Suspicious files: 2
Text files: 42
Unknown types: 5

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid | text | - | -
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid | text | - | -
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\lib\jquery.custom-scrollbar.min.js | text | AB3ADF4AFF09A1C562A29DB05795C8AB | D05E193674C6FC31DE0503CBC0B152600F22689AD7AD72ADB35FCC7C25D4B01B
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\js\mainController.js | text | 51BDCC0E7D53C59FF20FF2F6E276E321 | EC5B0CEDE51F5FD48C341CD27D42433BB9A2ADB04836433FEE5A90B101E4B1B2
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\lib\angular.min.js | text | 3BE66F7F7B86956BC5E5ABD64CADF924 | B1A45F28AED77E38FB5FF62393F6C6573C6BEA7F6089E83ED5E2E1FA025A6B2E
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\js\utils.js | text | 11671543588B007E7BE2AF6C784CB8AC | BC354F2E25FE40AE21745C51B06D8F34643E238EE67FB94F5CD59C9B56AC17F5
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\lib\IE8\angular.min.js | text | 2064E68A3817059E5560DD83C5419422 | 98126704568532E8B3FB771CE6F5F44AE6A24FBF53D61CD7792E23A75971ABC6
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\lib\IE8\jquery.min.js | text | E1288116312E4728F98923C79B034B67 | BA6EDA7945AB8D7E57B34CC5A3DD292FA2E4C60A5CED79236ECF1A9E0F0C2D32
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\main.html | html | A501355E23582CBC6C8C2835FE076F52 | 4BE92DEE71936C52319D441434992895818586ACAB859000341AF74D0175AB54
3768 | Photoshop_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{109AADB3-0530-4C10-AD46-6C141016840F}\js\overlayController.js | text | B610650C4D826B14C225CFBECA89B8C1 | 79D00458B49A02ACEE141B53DCF026AA1302AB6B48A745B57E1215BD3B20501C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 30
DNS requests: 5
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3768 | Photoshop_Set-Up.exe | 52.31.218.129:443 | cc-api-data.adobe.io | Amazon.com, Inc. | IE | suspicious
3228 | Photoshop_Set-Up.exe | 52.31.218.129:443 | cc-api-data.adobe.io | Amazon.com, Inc. | IE | suspicious
3768 | Photoshop_Set-Up.exe | 52.49.247.4:443 | ims-prod07.adobelogin.com | Amazon.com, Inc. | IE | suspicious
3768 | Photoshop_Set-Up.exe | 13.32.104.2:443 | cdn-ffc.oobesaas.adobe.com | Amazon.com, Inc. | US | unknown
3768 | Photoshop_Set-Up.exe | 52.88.16.175:443 | na1e-acc.services.adobe.com | Amazon.com, Inc. | US | unknown
- | - | 52.31.218.129:443 | cc-api-data.adobe.io | Amazon.com, Inc. | IE | suspicious

DNS requests

Domain | IP | Reputation
na1e-acc.services.adobe.com | 52.88.16.175, 54.185.232.95, 100.21.4.94, 100.20.82.5, 35.163.20.132, 35.85.100.78, 34.208.37.222, 54.191.223.93 | whitelisted
cc-api-data.adobe.io | 52.31.218.129, 34.252.184.159, 52.48.8.54 | whitelisted
ims-prod07.adobelogin.com | 52.49.247.4, 52.49.135.40, 34.241.90.61, 52.215.90.46, 54.76.24.33, 54.171.23.128 | whitelisted
cdn-ffc.oobesaas.adobe.com | 13.32.104.2, 13.32.104.13, 13.32.104.21, 13.32.104.17 | whitelisted

Threats

No threats detected
No debug info