File name: Acrobat_DC_Set-Up.exe
Full analysis: https://app.any.run/tasks/5b82e779-a778-4520-88ee-d723a1b709ed
Verdict: Malicious activity
Analysis date: April 22, 2024, 16:05:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 7CFC97081D2E1690E33BEAABBCC981B5
SHA1: F0821984D8BF9216FC84D57CF30F721B4A835B97
SHA256: 6695034736A0B45393F42BB1CD9E8BA29DA65E34398E794C4646C28290FA704A
SSDEEP: 98304:QPjn8BOUyWD5MIoHuDypFE0n71ZjdzZCxdCzfJZEa4ouGVxqG2y6PxySpsnn5IG0:Xc7Tek2l

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Acrobat_DC_Set-Up.exe (PID: 1288)
  • SUSPICIOUS
    • Reads Internet Explorer settings
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads the Internet Settings
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Changes Internet Explorer settings (feature browser emulation)
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads security settings of Internet Explorer
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads settings of System Certificates
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads Microsoft Outlook installation path
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Checks Windows Trust Settings
      • Acrobat_DC_Set-Up.exe (PID: 1288)
  • INFO
    • Creates files or folders in the user directory
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Checks supported languages
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Creates files in a temporary directory
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads the computer name
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Checks proxy server information
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads the machine GUID from the registry
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Reads the software policy settings
      • Acrobat_DC_Set-Up.exe (PID: 1288)
    • Process checks whether UAC notifications are on
      • Acrobat_DC_Set-Up.exe (PID: 1288)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:02:25 13:14:52+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 2473984
InitializedDataSize: 45056
UninitializedDataSize: 5513216
EntryPoint: 0x79e300
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.8.0.27
ProductVersionNumber: 2.8.0.27
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Adobe Inc.
FileDescription: Adobe Installer
FileVersion: 2.8.0.27
InternalName: Adobe Installer
LegalCopyright: © 2015-2022 Adobe. All rights reserved.
OriginalFileName: Adobe Installer
ProductName: Adobe Installer
ProductVersion: 2.8.0.27
No data.
Total processes: 37
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start acrobat_dc_set-up.exe

Process information

PID: 1288
CMD: "C:\Users\admin\Desktop\Acrobat_DC_Set-Up.exe"
Path: C:\Users\admin\Desktop\Acrobat_DC_Set-Up.exe
Indicators: (not captured in this export)
Parent process: explorer.exe
User: admin
Company: Adobe Inc.
Integrity Level: MEDIUM
Description: Adobe Installer
Version: 2.8.0.27
Modules
Images
c:\users\admin\desktop\acrobat_dc_set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shlwapi.dll
Total events: 5 248
Read events: 5 194
Write events: 45
Delete events: 9

Modification events

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Operation: write
Name: Acrobat_DC_Set-Up.exe
Value: 11001

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1288) Acrobat_DC_Set-Up.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0
Executable files: 0
Suspicious files: 8
Text files: 7
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{6505525D-B54A-4E20-969E-0B7C8ECE15E1}\CCDInstaller.js | binary
  MD5: E0D3FDDE65B5542E7CFECA5FA07C3CB1
  SHA256: F84E252E3F8BCF34253BE54BD72C82E98FAD4B8FBCAC6990238DA47E11467CC2
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid | text
  MD5: C027EB39BF04279DF87D3F949D55FCC2
  SHA256: CF617366DF3B6D5024D7F024EA2C790593E0622D25C4FEE46543E639807C2E3A
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Adobe\OOBE\temp_lbs_wid | text
  MD5: 37475C06CD2BF9663CE17D22A5C9AE80
  SHA256: BB475954F45C3668CC2101AB9A32F2AA349F0A3EFF0759F581BA70EFAD7CD11C
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log | text
  MD5: F3B25701FE362EC84616A93A45CE9998
  SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: 15902CC1F1B399B44EC559C1252A2C6C
  SHA256: 3D12D50E4FCCF7F3035B1AE1642EA815582360076BBE5EA2614E73D11FC5DD57
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\AdobeMessagingClient[1].css | text
  MD5: 3E49ABD556BF0FAAA6D165FE66146E90
  SHA256: D09069AC9ED675C69FF5C159CDA6F444A94085A1623F2AB91D6F4FB9F71E8879
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | binary
  MD5: A0ED526EDDF5BBC11F57C04C17401DD2
  SHA256: 33DD78998560675E75BF8510D607FFD6EAA0CF3C61E6F5A86E3237A9637FBD3D
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419 | der
  MD5: E26E412EF27E1C977AA1DB4F508DAA82
  SHA256: 3FE9E12A7965758D85585D733D5C820B79174A89F437A33C7FEF21425A383DE6
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Temp\{6505525D-B54A-4E20-969E-0B7C8ECE15E1}\index.css | text
  MD5: 1C5D8CBF5D0D0790A45317628C5E1B36
  SHA256: 1303C2F08DAE2975895E6141A05C0A6FCC27703BBACB068FAEF12521CBE00C4D
1288 | Acrobat_DC_Set-Up.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\AdobeMessagingClient[1].js | text
  MD5: 401A085DAF469075D7D14659F7D3CE0E
  SHA256: E3FFA71CD501F9A1352A1CD7C5653ABB51538D47826FF18FD628361153DD73DB
HTTP(S) requests: 5
TCP/UDP connections: 17
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

1288 | Acrobat_DC_Set-Up.exe | GET | 304 | 173.222.108.226:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33ca79a06d57897b | unknown | unknown
1288 | Acrobat_DC_Set-Up.exe | GET | 304 | 173.222.108.226:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?660031763c018c98 | unknown | unknown
1080 | svchost.exe | GET | 200 | 217.20.57.19:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?663a78a3b1d15987 | unknown | unknown
1080 | svchost.exe | GET | 304 | 217.20.57.19:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0351668c06fee42b | unknown | unknown
1288 | Acrobat_DC_Set-Up.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | whitelisted
224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:137 | whitelisted
1288 | Acrobat_DC_Set-Up.exe | 34.250.67.152:443 | cc-api-data.adobe.io | AMAZON-02 | IE | unknown
1080 | svchost.exe | 224.0.0.252:5355 | unknown
1288 | Acrobat_DC_Set-Up.exe | 52.36.43.249:443 | na1e-acc.services.adobe.com | AMAZON-02 | US | unknown
1288 | Acrobat_DC_Set-Up.exe | 18.65.39.68:443 | client.messaging.adobe.com | AMAZON-02 | US | unknown
1288 | Acrobat_DC_Set-Up.exe | 173.222.108.226:80 | ctldl.windowsupdate.com | Akamai International B.V. | CH | unknown
1288 | Acrobat_DC_Set-Up.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1080 | svchost.exe | 217.20.57.19:80 | ctldl.windowsupdate.com | US | unknown

DNS requests

Domain
IP
Reputation
cc-api-data.adobe.io
  • 34.250.67.152
  • 54.195.71.107
  • 54.194.243.238
whitelisted
na1e-acc.services.adobe.com
  • 52.36.43.249
  • 35.160.190.124
  • 54.148.12.174
  • 35.162.64.27
  • 52.10.158.81
  • 52.41.92.77
whitelisted
client.messaging.adobe.com
  • 18.65.39.68
  • 18.65.39.58
  • 18.65.39.7
  • 18.65.39.31
whitelisted
ctldl.windowsupdate.com
  • 173.222.108.226
  • 173.222.108.210
  • 217.20.57.19
  • 217.20.57.35
  • 217.20.57.37
  • 217.20.57.36
  • 217.20.57.21
  • 217.20.57.42
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

No threats detected
No debug info