File name: Adobe App.exe
Full analysis: https://app.any.run/tasks/17b6a8bf-9762-4fc1-a8cb-39a2ef92ab2d
Verdict: Malicious activity
Analysis date: September 25, 2023, 15:59:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 41927B52317A361A0CA8D0AD8E87E7A8
SHA1: 54EC4076272782B209916BBF4B7DCE003A45FCE4
SHA256: 478EAA97D848DDFFE854285B5E661F30B8A9ABB96BBE8FABAA236CDAE6E9B13F
SSDEEP: 49152:odWYPac45TExljXrGGCzCWaUtqMbi6m9NGmVRD1sBA+wm+InK2vEo58WH0Mpjkz:odWjAxljXiGCGW9tbbQVRp9xm+yKtW8T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads the Internet Settings: Adobe App.exe (PID: 124)
    • Reads Microsoft Outlook installation path: Adobe App.exe (PID: 124)
    • Reads Internet Explorer settings: Adobe App.exe (PID: 124)
  • INFO
    • Reads CPU info: Adobe App.exe (PID: 124)
    • Checks supported languages: Adobe App.exe (PID: 124)
    • Creates files or folders in the user directory: Adobe App.exe (PID: 124)
    • Reads the computer name: Adobe App.exe (PID: 124)
    • Reads the machine GUID from the registry: Adobe App.exe (PID: 124)
    • Creates files in a temporary directory: Adobe App.exe (PID: 124)
    • Checks whether UAC notifications are enabled: Adobe App.exe (PID: 124)
    • Checks proxy server information: Adobe App.exe (PID: 124)

Every signature above fires on the single monitored process (PID 124); no child process, injection or autostart write is recorded in this run.
No Malware configuration.

TRiD (match confidence, %)

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

ProductVersion: 2.12.0.17
ProductName: Adobe Installer
OriginalFileName: Adobe Installer
LegalCopyright: © 2015-2023 Adobe. All rights reserved.
InternalName: Adobe Installer
FileVersion: 2.12.0.17
FileDescription: Adobe Installer
CompanyName: Adobe Inc.
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Dynamic link library (the version resource's file type says DLL while the COFF header and Subsystem describe a GUI executable; version-info strings are set by whoever built the binary, so the Adobe names here are not a trust signal on their own)
FileOS: Windows NT 32-bit
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 2.12.0.17
FileVersionNumber: 2.12.0.17
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x946b10
UninitializedDataSize: 6750208
InitializedDataSize: 45056
CodeSize: 2973696
LinkerVersion: 14.33
PEType: PE32
ImageFileCharacteristics: Executable, 32-bit
TimeStamp: 2023:07:24 06:57:28+00:00
MachineType: Intel 386 or later, and compatibles
Total processes: 35
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → Adobe App.exe (PID 124)

Process information

PID: 124
CMD: "C:\Users\admin\AppData\Local\Temp\Adobe App.exe"
Path: C:\Users\admin\AppData\Local\Temp\Adobe App.exe
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Exit code: 0
Version: 2.12.0.17
Modules (loaded images)

c:\users\admin\appdata\local\temp\adobe app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 641
Read events: 631
Write events: 10
Delete events: 0

Modification events

PID   Process         Key                                                                                      Name            Value
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap            ProxyBypass     1
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap            IntranetName    1
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap            UNCAsIntranet   1
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap            AutoDetect      0
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies  CachePrefix     Cookie:
124   Adobe App.exe   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History  CachePrefix     Visited:

All six writes are the values the Internet Explorer zone manager (ZoneMap) and the WinINet cache (CachePrefix) initialise the first time a process uses them; the process loads urlmon.dll (see Modules), and the same six writes show up in sandbox runs of benign software. None of them touches an autostart location, which is why the report lists no persistence indicator.
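A triage filter for the writes above, as an added example that is not part of the ANY.RUN report or its rule set: it tags the WinINet/urlmon first-use values as noise, surfaces anything under an autostart key, and leaves everything else for review. The six "report" events are copied from the table above; the seventh is constructed to show what a hit looks like and did not occur in this run. The allowlist and the autostart patterns are this editor's assumptions.

```python
"""Split sandbox registry writes into WinINet/urlmon first-use noise, autostart
writes, and events left for review.

Added example, not part of the ANY.RUN report. Events marked "report" are copied
from the Modification events table; the "constructed" event did NOT occur in
this analysis. BENIGN_FIRST_USE and PERSISTENCE are assumptions, not ANY.RUN rules.
"""
import re
from dataclasses import dataclass

INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
INET_RE = re.escape(INET)

# Values the IE zone manager and the WinINet cache write on first use by any
# process that loads urlmon/wininet, benign or not. Matching is per value name,
# so an unexpected value under the same key still lands in "review".
BENIGN_FIRST_USE = [
    (re.compile(INET_RE + r"\\ZoneMap$", re.I),
     {"ProxyBypass", "IntranetName", "UNCAsIntranet", "AutoDetect"}),
    (re.compile(INET_RE + r"\\5\.0\\Cache\\(Cookies|History|Content)$", re.I),
     {"CachePrefix"}),
]

# Autostart locations to surface regardless of who wrote them (assumed list).
PERSISTENCE = [
    re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I),
    re.compile(r"\\CurrentVersion\\Winlogon$", re.I),
    re.compile(r"\\Image File Execution Options\\", re.I),
]


@dataclass(frozen=True)
class RegWrite:
    pid: int
    process: str
    key: str
    name: str
    value: str
    source: str  # "report" or "constructed"


EVENTS = [
    RegWrite(124, "Adobe App.exe", INET + r"\ZoneMap", "ProxyBypass", "1", "report"),
    RegWrite(124, "Adobe App.exe", INET + r"\ZoneMap", "IntranetName", "1", "report"),
    RegWrite(124, "Adobe App.exe", INET + r"\ZoneMap", "UNCAsIntranet", "1", "report"),
    RegWrite(124, "Adobe App.exe", INET + r"\ZoneMap", "AutoDetect", "0", "report"),
    RegWrite(124, "Adobe App.exe", INET + r"\5.0\Cache\Cookies", "CachePrefix", "Cookie:", "report"),
    RegWrite(124, "Adobe App.exe", INET + r"\5.0\Cache\History", "CachePrefix", "Visited:", "report"),
    # Constructed: what a Run-key persistence write would look like; not observed in this run.
    RegWrite(9999, "example.exe",
             r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\admin\AppData\Roaming\example.exe", "constructed"),
]


def classify(ev: RegWrite) -> str:
    """Autostart keys win over the allowlist so a noisy process cannot hide a Run write."""
    if any(p.search(ev.key) for p in PERSISTENCE):
        return "persistence"
    for key_re, names in BENIGN_FIRST_USE:
        if key_re.search(ev.key) and ev.name in names:
            return "first-use-noise"
    return "review"


def triage(events) -> dict:
    buckets = {"persistence": [], "first-use-noise": [], "review": []}
    for ev in events:
        buckets[classify(ev)].append(ev)
    return buckets


if __name__ == "__main__":
    for bucket, evs in triage(EVENTS).items():
        print(f"{bucket}: {len(evs)}")
        for ev in evs:
            print(f"  [{ev.source}] PID {ev.pid} {ev.process}: {ev.key} -> {ev.name} = {ev.value}")
```

On the report's own six events the filter leaves nothing for review; the constructed Run-key write is the only thing it surfaces, which is the shape of result that would have justified the "Malicious activity" verdict had it appeared here.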
Executable files: 0
Suspicious files: 7
Text files: 5
Unknown types: 0

Dropped files (all by PID 124, Adobe App.exe)

C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\20ed1fab-91db-4df4-8f69-1982cd3f84f0
  Type: -  MD5: -  SHA256: -
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\003537ca-dda8-41cb-9bd0-10b0d7a00e09
  Type: -  MD5: -  SHA256: -
C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_widtext
  Type: -  MD5: 9472805C8A274624F832E66C7FFE8C5D  SHA256: 52C53C3BD630B65D3DDCA9E7016121647528BDE536EF4F72C237249695FA3778
C:\Users\admin\AppData\Local\Temp\dat83CD.tmp
  Type: binary  MD5: FA794EC12D353C26805FF53821331FC2  SHA256: CFDBD8A2AA463C11E483DC10C480ACD274E9786632F5571A3970E8A20A2D8237
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\meta_events\manifest
  Type: binary  MD5: 335ECF8B087703C67A4831976CDD382C  SHA256: A0C08679CC6D6592ABCE004BB4CEC199AECDE68678E9B9A634C01DA37D58A7DD
C:\Users\admin\AppData\Local\Temp\Adobe\com.adobe.dunamis\dunamis-2023-09-25_16-00-04.log
  Type: text  MD5: 4E0CC1AD30B5435E853FB5550657692C  SHA256: 654888635AAB5CFA1D9EAA6915970C41B8104B32C8BDB4DE0C0D24C2130A7B3C
C:\Users\admin\AppData\Roaming\com.adobe.dunamis\f65a88c9-12b3-4201-a633-87cf11b91fa8\v1\0\anon_events\manifest
  Type: binary  MD5: 335ECF8B087703C67A4831976CDD382C  SHA256: A0C08679CC6D6592ABCE004BB4CEC199AECDE68678E9B9A634C01DA37D58A7DD
C:\Users\admin\AppData\Local\Temp\dat83FE.tmp
  Type: binary  MD5: E204643042591AEEC2043C5EAE255099  SHA256: 7F58F56A7A353F8FC78EC2757394A7C7F28165E6BBF2A37D6A6E48E845874F3E
C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log
  Type: text  MD5: F3B25701FE362EC84616A93A45CE9998  SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\admin\AppData\Local\Temp\{A9179A1B-5FB7-4C88-9137-935923E0437B}\index.html
  Type: html  MD5: A28AB17B18FF254173DFEEF03245EFD0  SHA256: 886C0AB69E6E9D9D5B5909451640EA587ACCFCDF11B8369CAD8542D1626AC375

A "-" marks a value the report did not record. The two manifest files (meta_events and anon_events) are byte-identical, sharing the same MD5 and SHA256. The com.adobe.dunamis, OOBE and CreativeCloud\ACC paths look like Adobe Creative Cloud installer artifacts (analytics event queues, OOBE state, the WAM log), which is consistent with the version strings but is just as easy for a lookalike to reproduce; compare these dropped-file hashes against a known-good installer run before treating them as evidence of a legitimate build.
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests. The only connection made by PID 124 is TLS on port 443, so the absence of parsed HTTP says nothing about what was sent; without TLS interception the request content is not visible in the PCAP.

Connections

PID    Process         IP                     Domain                 ASN         CN   Reputation
3284   svchost.exe     239.255.255.250:1900   -                      -           -    whitelisted
4      System          192.168.100.255:137    -                      -           -    whitelisted
4      System          192.168.100.255:138    -                      -           -    whitelisted
124    Adobe App.exe   52.48.126.58:443       cc-api-data.adobe.io   AMAZON-02   IE   unknown

The first three rows are the guest OS itself (SSDP multicast on 1900, NetBIOS name and datagram broadcasts on 137/138) and are unrelated to the sample; the single connection attributable to PID 124 is the TLS session to cc-api-data.adobe.io.

DNS requests

Domain                 IP(s)                                          Reputation
cc-api-data.adobe.io   52.48.126.58, 54.228.247.11, 34.246.54.182     whitelisted

Threats

No threats detected
No debug info