| Field | Value |
|---|---|
| File name | adobe_photoshop_2022_234_mac_os_x.exe |
| Full analysis | https://app.any.run/tasks/4fc1b9ab-fb15-4c4a-a833-9576f9b99650 |
| Verdict | Malicious activity |
| Analysis date | March 31, 2023, 21:16:01 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-dosexec |
| File info | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 1A5962C8775965C66035B96AAED2F25F |
| SHA1 | 25CA6501A07DEC9341F45A9A33A00E26AB370C1B |
| SHA256 | 8861E56ACB22A7131E3A61952020E6AA52CC78B1F670953071109F6388539125 |
| SSDEEP | 98304:7v6W8zntQwyUgOlHpKjcCAYSmOppy3Olar:76ftKKlHpUChgr |

| Extension | File type | Score |
|---|---|---|
| .exe | Win64 Executable (generic) | 49.4 |
| .scr | Windows screen saver | 23.4 |
| .dll | Win32 Dynamic Link Library (generic) | 11.7 |
| .exe | Win32 Executable (generic) | 8 |
| .exe | Generic Win/DOS Executable | 3.5 |

| Field | Value |
|---|---|
| AssemblyVersion | 1.5.1.6476 |
| ProductName | InstallCapital |
| OriginalFileName | GenericSetup.exe |
| LegalTrademarks | - |
| LegalCopyright | Copyright © Adaware 2023 |
| InternalName | IC001.exe |
| FileDescription | Software Installation |
| CompanyName | IC001 |
| Comments | - |
| ProductVersion | 6.95.1.0 |
| FileVersion | 1.5.1.6476 |
| CharacterSet | Unicode |
| LanguageCode | Neutral |
| FileSubtype | - |
| ObjectFileType | Executable application |
| FileOS | Windows NT 32-bit |
| FileFlags | (none) |
| FileFlagsMask | 0x003f |
| ProductVersionNumber | 6.95.1.0 |
| FileVersionNumber | 1.5.1.6476 |
| Subsystem | Windows GUI |
| SubsystemVersion | 4 |
| ImageVersion | - |
| OSVersion | 4 |
| EntryPoint | 0x3e9a0e |
| UninitializedDataSize | - |
| InitializedDataSize | 3584 |
| CodeSize | 4094976 |
| LinkerVersion | 6 |
| PEType | PE32 |
| ImageFileCharacteristics | Executable, No line numbers, No symbols, 32-bit |
| TimeStamp | 2023:01:19 21:21:38+00:00 |
| MachineType | Intel 386 or later, and compatibles |

| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|---|---|---|---|
| 2368 | "C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe" | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe | | explorer.exe | admin | IC001 | MEDIUM | Software Installation | 3762504530 | 1.5.1.6476 |
| 2724 | "C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe" huac hpp=QzpcVXNlcnNcYWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXGFkb2JlX3Bob3Rvc2hvcF8yMDIyXzIzNF9tYWNfb3NfeC5leGU= | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe | | adobe_photoshop_2022_234_mac_os_x.exe | admin | IC001 | HIGH | Software Installation | 0 | 1.5.1.6476 |
| 2740 | "saBSI.exe" /affid 91212 PaidDistribution=true InstallID=76d7c3e0-7997-4aae-9925-f595be7a34e1 subID=JB | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\saBSI.exe | | adobe_photoshop_2022_234_mac_os_x.exe | admin | McAfee, LLC | HIGH | McAfee WebAdvisor (bootstrap installer) | 4294967295 | 4,1,1,663 |
| 1872 | "C:\Users\admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe" | C:\Users\admin\Downloads\kodi-20.0-Nexus_rc2-x64.exe | | adobe_photoshop_2022_234_mac_os_x.exe | admin | XBMC Foundation | HIGH | Kodi 19.90.905.0 Setup | 2 | 19.90.905.0 |

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1 |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1 |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1 |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0 |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList | en-US |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1 |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1 |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1 |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0 |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList | en-US |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\sciter32.dll | executable | B431083586E39D018E19880AD1A5CE8F | B525FDCC32C5A359A7F5738A30EFF0C6390734D8A2C987C62E14C619F99D406B |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\csqaurxh.newcfg | xml | C76D70D8440A273C2B2A2764F33323B8 | 8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\user.config | xml | C76D70D8440A273C2B2A2764F33323B8 | 8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\ServiceHide.Net.dll | executable | 0B036CE556E8C7C403948068D810F32A | FC9BF8465906F8F9C979D976BD833D403AF1C0D3000AD555420347794E6C4A4D |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\Resources\DownloadFolderPage.html | html | 9DEA08DCA124C9CA58A082E62220ABEE | 00724E06138C68EB7AB40CDF3275CC7DB45698F10A98AC8C78B5F6582393F64C |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\hsrufirj.newcfg | xml | C76D70D8440A273C2B2A2764F33323B8 | 8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\IC001\adobe_photoshop_2022_234__Url_r30kpen5joe55zehkaky51uluwlvtvfx\1.5.1.6476\user.config | xml | C76D70D8440A273C2B2A2764F33323B8 | 8F6658DFB498D9BC831670DFFD055D850D327A2DEFD82E1F24416316B037135D |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\3dba2b032e844ea98475f6258ce8bb25\msvcp140.dll | executable | 8FF1898897F3F4391803C7253366A87B | 51398691FEEF7AE0A876B523AEC47C4A06D9A1EE62F1A0AEE27DE6D6191C68AD |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\app.ico | image | 4003EFA6E7D44E2CBD3D7486E2E0451A | EFFD42C5E471EA3792F12538BF7C982A5CDA4D25BFBFFAF51EED7E09035F4508 |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | C:\Users\admin\AppData\Local\Temp\adobe_photoshop_2022_234_mac_os_x.exe_1680300974\Resources\images\warning48x48.png | image | D3361CF0D689A1B34D84F483D60BA9C9 | 56739925AADA73F9489F9A6B72BFAAA92892B27D20F4D221380BA3EAE17F1442 |

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | HEAD | 200 | 104.18.212.25:80 | http://webcompanion.com/nano_download.php?partner=IT200301 | unknown | — | — | malicious |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?133020b60f3eaa92 | US | compressed | 61.1 Kb | whitelisted |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 104.18.212.25:80 | webcompanion.com | CLOUDFLARENET | — | malicious |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 104.18.67.73:443 | h2oapi.adaware.com | CLOUDFLARENET | — | malicious |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 104.18.68.73:443 | h2oapi.adaware.com | CLOUDFLARENET | — | malicious |
| 2368 | adobe_photoshop_2022_234_mac_os_x.exe | 104.18.68.73:443 | h2oapi.adaware.com | CLOUDFLARENET | — | malicious |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 104.17.9.52:443 | flow.lavasoft.com | CLOUDFLARENET | — | shared |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 172.67.189.175:443 | walliant.com | CLOUDFLARENET | US | malicious |
| — | — | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
| 2740 | saBSI.exe | 35.166.221.252:443 | apis.mosaic.analytics.awscommon.mcafee.com | AMAZON-02 | US | unknown |
| 2740 | saBSI.exe | 104.208.16.0:443 | cu1pehnswad01.servicebus.windows.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
| 2724 | adobe_photoshop_2022_234_mac_os_x.exe | 185.31.172.243:443 | kodi.mirror.liteserver.nl | The Infrastructure Group B.V. | NL | unknown |

| Domain | IP | Reputation |
|---|---|---|
| h2oapi.adaware.com | | malicious |
| www.google.com | | whitelisted |
| flow.lavasoft.com | | whitelisted |
| sos.adaware.com | | whitelisted |
| webcompanion.com | | malicious |
| walliant.com | | malicious |
| sdl.adaware.com | | whitelisted |
| kodi.mirror.liteserver.nl | | unknown |
| ctldl.windowsupdate.com | | whitelisted |
| cu1pehnswad01.servicebus.windows.net | | whitelisted |

PID | Process | Class | Message |
---|---|---|---|
2740 | saBSI.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
2740 | saBSI.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |

| Process | Message |
|---|---|
| adobe_photoshop_2022_234_mac_os_x.exe | Error: File not found - genericsetup.wrappers.sciter:console.tis |
| adobe_photoshop_2022_234_mac_os_x.exe | at sciter:init-script.tis |
| adobe_photoshop_2022_234_mac_os_x.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await' |
| adobe_photoshop_2022_234_mac_os_x.exe | Error: File not found - genericsetup.wrappers.sciter:console.tis |
| adobe_photoshop_2022_234_mac_os_x.exe | at sciter:init-script.tis |
| adobe_photoshop_2022_234_mac_os_x.exe | file:resources/tis/TranslateOfferTemplate.tis(82) : warning :'async' does not contain any 'await' |