Field | Value
---|---
File name: | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe |
Full analysis: | https://app.any.run/tasks/06830c6f-3fdc-45c9-a4be-354643587b52 |
Verdict: | Malicious activity |
Analysis date: | January 17, 2020, 15:07:07 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed |
MD5: | 0337938D5CBBA3D67171358772CCCB35 |
SHA1: | 5C322FD4E9F9AF10C0620564864AAACB093494B4 |
SHA256: | BE32FBB2E5A8DE370E0CB9EB28EBFE4263D01F83C8848B933609E0D537BA1C0B |
SSDEEP: | 24576:HQNpuPoio8bRrrEGLANOK2ob/aKHI/KMwskVn3n+z6cfXSYUPZ0xAM4lG:HQNpufraNN2ODmkJm6chmg |
Extension | Detection | Match (%)
---|---|---
.exe | Win32 EXE PECompact compressed (v2.x) | 51
.exe | Win32 EXE PECompact compressed (generic) | 35.9
.dll | Win32 Dynamic Link Library (generic) | 5.6
.exe | Win32 Executable (generic) | 3.8
.exe | Generic Win/DOS Executable | 1.7
Field | Value
---|---
ProductVersion: | 3.0.0.463s |
ProductName: | Adobe Download Manager |
OriginalFileName: | Adobe Download Manager |
LegalCopyright: | Copyright 2019 Adobe Inc. All rights reserved. |
InternalName: | Adobe Download Manager |
FileVersion: | 3.0.0.463s |
FileDescription: | Adobe Download Manager |
CompanyName: | Adobe Inc |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 3.0.0.463 |
FileVersionNumber: | 3.0.0.463 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x1000 |
UninitializedDataSize: | - |
InitializedDataSize: | 2689536 |
CodeSize: | 2132992 |
LinkerVersion: | 11 |
PEType: | PE32 |
TimeStamp: | 2019:11:28 07:41:20+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 28-Nov-2019 06:41:20 |

DOS header field | Value
---|---
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000120 |
Signature: | PE |

NT header field | Value
---|---
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 28-Nov-2019 06:41:20 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x004A3000 | 0x0012FE00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99985 |
.rsrc | 0x004A4000 | 0x0000D000 | 0x0000C800 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.71263 |
.reloc | 0x004B1000 | 0x00000200 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.195869 |
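The section table above is the static signature of a runtime unpacker: `.text` occupies 0x004A3000 bytes in memory but only 0x0012FE00 on disk, its entropy is 7.99985 out of a possible 8, and it is mapped readable, writable and executable, all consistent with the PECompact2 identification in the file-info line. The script below is an added example and not part of the ANY.RUN report or of the sample: it walks the DOS header (`e_lfanew`, the report's "Address of NE header"), the COFF header and the section table as laid out in the PE/COFF specification, computes per-section entropy and applies those three heuristics. The image it parses is constructed inline with section values copied from the table above (the raw data is random bytes standing in for compressed code); the entropy and size-ratio thresholds are assumptions, not values from the page.

```python
import math
import random
import struct
from collections import Counter

# Section characteristic flags (winnt.h / PE-COFF spec)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

ENTROPY_THRESHOLD = 7.2  # assumption: compressed or encrypted code sits close to 8 bits/byte
VSIZE_RATIO = 4          # assumption: in-memory size this many times the on-disk size = room to unpack


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> list:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]        # 'Address of NE header' in the report
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symptr, _nsyms,
     opt_size, _flags) = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size                                # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _relptr, _lnptr,
         _nrel, _nln, chars) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "chars": chars, "entropy": shannon_entropy(raw),
        })
    return sections


def packing_indicators(sections: list) -> list:
    """(section name, reason) pairs for the heuristics an analyst applies to a section table."""
    findings = []
    for s in sections:
        executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
        if executable and s["entropy"] > ENTROPY_THRESHOLD:
            findings.append((s["name"], f"entropy {s['entropy']:.3f} in executable section"))
        if s["rawsize"] and s["vsize"] >= VSIZE_RATIO * s["rawsize"]:
            findings.append((s["name"], f"virtual size {s['vsize']:#x} is "
                                        f"{s['vsize'] // s['rawsize']}x raw size {s['rawsize']:#x}"))
        if executable and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append((s["name"], "W+X section (code is written at run time)"))
    return findings


def is_probably_packed(sections: list) -> bool:
    """True when one section is both high-entropy and far larger in memory than on disk."""
    reasons = {}
    for name, why in packing_indicators(sections):
        reasons.setdefault(name, set()).add(why.split()[0])   # 'entropy' / 'virtual' / 'W+X'
    return any({"entropy", "virtual"} <= r for r in reasons.values())


def build_sample_image() -> bytes:
    """Constructed PE32 image (NOT the sample from the report). The section table copies the
    report's .text/.reloc addresses and flags; the raw .text bytes are random, as a stand-in
    for compressed code, and are much smaller than the sample's so the image stays tiny."""
    rng = random.Random(1337)
    text_raw = bytes(rng.getrandbits(8) for _ in range(0x1000))
    reloc_raw = b"\x00\x10\x00\x00\x08\x00\x00\x00" + bytes(0x1F8)   # one near-empty relocation block
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, 0xE0-byte opt hdr
    opt = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)                 # PE32 magic; rest unused by the parser
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x4A3000, 0x1000, len(text_raw), 0x200,
                           0, 0, 0, 0,
                           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    reloc_hdr = struct.pack("<8sIIIIIIHHI", b".reloc", 0x200, 0x4B1000, len(reloc_raw), 0x200 + len(text_raw),
                            0, 0, 0, 0,
                            IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = dos + b"PE\0\0" + coff + opt + text_hdr + reloc_hdr
    return headers.ljust(0x200, b"\0") + text_raw + reloc_raw


if __name__ == "__main__":
    secs = parse_sections(build_sample_image())
    for s in secs:
        print(f"{s['name']:8} va={s['vaddr']:#010x} vsize={s['vsize']:#010x} "
              f"raw={s['rawsize']:#010x} entropy={s['entropy']:.5f}")
    for name, why in packing_indicators(secs):
        print(f"  [{name}] {why}")
    print("probably packed:", is_probably_packed(secs))
```

On a real file, replace `build_sample_image()` with `open(path, "rb").read()`. A high-entropy `.rsrc` section alone is not a packer signal (compressed resources are normal); the combination of an executable, writable section whose virtual size dwarfs its raw size is what separates the sample above from an ordinary compiler-emitted binary.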
Imported DLL |
---|
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
OLEAUT32.dll |
SHELL32.dll |
SHLWAPI.dll |
USERENV.dll |
gdiplus.dll |
kernel32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2828 | "C:\Users\admin\AppData\Local\Temp\be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe" | C:\Users\admin\AppData\Local\Temp\be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | — | explorer.exe
User: admin Company: Adobe Inc Integrity Level: MEDIUM Description: Adobe Download Manager Exit code: 0 Version: 3.0.0.463s | | | |
1024 | "C:\Users\admin\AppData\Local\Temp\be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe" --pipename={4BB73A2D-186F-4F3E-98C4-1C54363DF903} --type=web --pid=2828 | C:\Users\admin\AppData\Local\Temp\be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | — | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe
User: admin Company: Adobe Inc Integrity Level: HIGH Description: Adobe Download Manager Exit code: 0 Version: 3.0.0.463s | | | |
584 | "C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\8F7FF70D-FF39-4D7B-8899-07A56BD77CF7\7DEC7718-5583-47BC-9EBA-416C64101B74" -install -iv 8 | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\8F7FF70D-FF39-4D7B-8899-07A56BD77CF7\7DEC7718-5583-47BC-9EBA-416C64101B74 | — | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe
User: admin Company: Adobe Integrity Level: HIGH Description: Adobe® Flash® Player Installer/Uninstaller 32.0 r0* Exit code: 0 Version: 32,0,0,314 | | | |
3376 | C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -uninstall | C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe | — | 7DEC7718-5583-47BC-9EBA-416C64101B74
User: admin Integrity Level: HIGH Exit code: 0 | | | |
2424 | "C:\Windows\system32\cmd.exe" /c del "C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\8F7FF70D-FF39-4D7B-8899-07A56BD77CF7\7DEC7718-5583-47BC-9EBA-416C64101B74" >> NUL | C:\Windows\system32\cmd.exe | — | 7DEC7718-5583-47BC-9EBA-416C64101B74
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
3956 | "C:\Windows\System32\Macromed\Flash\FlashHelperService.exe" -start | C:\Windows\System32\Macromed\Flash\FlashHelperService.exe | — | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe
User: admin Company: 重庆重橙网络科技有限公司 (Chongqing Chongcheng Network Technology Co., Ltd.) Integrity Level: HIGH Description: Flash Helper Service Exit code: 0 Version: 2.1.0.31 | | | |
1252 | "C:\Windows\System32\Macromed\Flash\FlashHelperService.exe" | C:\Windows\System32\Macromed\Flash\FlashHelperService.exe | — | services.exe
User: SYSTEM Company: 重庆重橙网络科技有限公司 (Chongqing Chongcheng Network Technology Co., Ltd.) Integrity Level: SYSTEM Description: Flash Helper Service Version: 2.1.0.31 | | | |
2500 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
3436 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2500 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | | | |
1768 | explorer.exe | C:\Windows\explorer.exe | — | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
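Three things in the tree above are worth turning into detections: the dropper relaunches itself with `--type=web --pid=2828` and the child runs at HIGH integrity while the parent sits at MEDIUM; the GUID-named installer removes its own file with `cmd.exe /c del`; and `FlashHelperService.exe` is first started by the dropper with `-start` and then appears again under `services.exe` as SYSTEM, i.e. a service was registered from a binary that came out of a user's Temp directory. The script below is an added example and not part of the ANY.RUN report or of the sample: it encodes those three observations as checks over process records. The records are constructed from the process table above; the parent PIDs and the PID for `services.exe` are assumptions, because the report lists only parent image names.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

INTEGRITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "SYSTEM": 4}
USER_WRITABLE_HINTS = ("\\appdata\\local\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")
SELF_DELETE_RE = re.compile(r'/c\s+del\s+"([^"]+)"', re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    integrity: str
    user: str


def is_user_writable(path: str) -> bool:
    return any(hint in path.lower() for hint in USER_WRITABLE_HINTS)


def detect(procs: list) -> list:
    """Return (rule, pid, detail) triples for the three behaviours seen in the report."""
    by_pid = {p.pid: p for p in procs}
    alerts = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None:
            continue
        # 1. Child runs at a higher integrity level than its parent (an elevation boundary
        #    was crossed; here the dropper's '--type=web' relaunch).
        if INTEGRITY_RANK.get(p.integrity, 0) > INTEGRITY_RANK.get(parent.integrity, 0):
            alerts.append(("integrity_escalation", p.pid,
                           f"{parent.integrity}->{p.integrity} from {ntpath.basename(parent.image)}"))
        # 2. cmd.exe /c del <path> where <path> is the image of an ancestor: self-deletion.
        if ntpath.basename(p.image).lower() == "cmd.exe":
            m = SELF_DELETE_RE.search(p.cmdline)
            if m:
                target = m.group(1).lower()
                anc = parent
                while anc is not None:
                    if anc.image.lower() == target:
                        alerts.append(("self_delete", p.pid, f"pid {anc.pid} deletes its own image"))
                        break
                    anc = by_pid.get(anc.ppid)
        # 3. services.exe runs a binary as SYSTEM that was earlier launched by a process living
        #    in a user-writable directory: a service registered by a dropper.
        if ntpath.basename(parent.image).lower() == "services.exe" and p.user.upper() == "SYSTEM":
            for q in procs:
                launcher = by_pid.get(q.ppid)
                if (q.pid != p.pid and q.image.lower() == p.image.lower()
                        and launcher is not None and is_user_writable(launcher.image)):
                    alerts.append(("service_from_user_writable_dropper", p.pid,
                                   f"{ntpath.basename(p.image)} first run by pid {launcher.pid}"))
                    break
    return alerts


DROPPER = r"C:\Users\admin\AppData\Local\Temp\be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe"
INSTALLER = (r"C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4"
             r"\8F7FF70D-FF39-4D7B-8899-07A56BD77CF7\7DEC7718-5583-47BC-9EBA-416C64101B74")
HELPER = r"C:\Windows\System32\Macromed\Flash\FlashHelperService.exe"
UPDATER = r"C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
CMD_EXE = r"C:\Windows\system32\cmd.exe"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed from the report's process table. ppid values are assumptions (the report shows only
# parent image names), and pid 480 for services.exe is invented for the same reason.
SAMPLE_PROCESSES = [
    Proc(480, None, r"C:\Windows\System32\services.exe", "services.exe", "SYSTEM", "SYSTEM"),
    Proc(2828, None, DROPPER, f'"{DROPPER}"', "MEDIUM", "admin"),
    Proc(1024, 2828, DROPPER,
         f'"{DROPPER}" --pipename={{4BB73A2D-186F-4F3E-98C4-1C54363DF903}} --type=web --pid=2828',
         "HIGH", "admin"),
    Proc(584, 1024, INSTALLER, f'"{INSTALLER}" -install -iv 8', "HIGH", "admin"),
    Proc(3376, 584, UPDATER, f"{UPDATER} -uninstall", "HIGH", "admin"),
    Proc(2424, 584, CMD_EXE, f'"{CMD_EXE}" /c del "{INSTALLER}" >> NUL', "HIGH", "admin"),
    Proc(3956, 1024, HELPER, f'"{HELPER}" -start', "HIGH", "admin"),
    Proc(1252, 480, HELPER, f'"{HELPER}"', "SYSTEM", "SYSTEM"),
    Proc(2500, 1024, IEXPLORE, f'"{IEXPLORE}" -nohome', "MEDIUM", "admin"),
    Proc(3436, 2500, IEXPLORE, f'"{IEXPLORE}" SCODEF:2500 CREDAT:71937', "LOW", "admin"),
]

if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_PROCESSES):
        print(f"{rule:36} pid={pid:<5} {detail}")
```

Rule 1 fires only on the upward crossing, so the MEDIUM `iexplore.exe` spawned by the HIGH dropper and the LOW IE content process are not flagged. Rule 2 walks the whole ancestor chain rather than only the direct parent, since installers often delete themselves through an intermediate process. On live telemetry the same checks run over Sysmon event ID 1 or equivalent EDR process-creation records, where the parent PID is recorded and no longer has to be assumed.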
PID | Process | Filename | Type |
---|---|---|---|
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\160[1] | html | |
MD5:830D1685522E5F5C61E75AB32D828591 | SHA256:E4BDA931AAFB109E20E2D353ECBFE125671790910529528EE1B1025F41D7A030 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\warning_icon.png | image | |
MD5:DE6D8A7F831194025F1CCF4B7054E6E5 | SHA256:0E7D5E9CF99C1D02047153D81A3C2A2C30CF8E15122776E0C0A982A036A48091 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_x_100.png | image | |
MD5:342913EB6644E7DFD68DC373DA8778EF | SHA256:70040FB98ADE75A67C7E581417BA14E7ABD8BDDACF18719491915E8984890996 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Temp\Adobe_CDMLogs\Adobe_CDM.log | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_caution_125.png | image | |
MD5:4A2BF8C96F910B1B2AE63A9F4A0D4B8F | SHA256:0CB2F4EE1C451A8825EB8EDB45858B28345F73423C7A7AEF4168C46F7E3638BF | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_caution_150.png | image | |
MD5:CA3872EAE64C5BFD8D41198990B11950 | SHA256:3438623C461F8F141976A931D3C00F6877D07CF4A8B534AF1EF9FDFE8B0C6174 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_caution_100.png | image | |
MD5:56F804DB5509B1CF08BE5C994AFC2322 | SHA256:C4768FC9A84B0D3ECDEEE93820703D769737B992EFD1F0CBE9F7A9D3BBDFA0FB | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\progressbar_darkgray_base_200.png | image | |
MD5:CD614F26DD67507EF8C17E5A3133A45E | SHA256:30558D6E8D8F862D10D1DF81DBB6C54503F3ADE7DD134DC2CE1E3F0AC9C4D0BC | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_x_200.png | image | |
MD5:40A32023DBFCCA1A80B69408735E15C2 | SHA256:D5A9BFE6D64F5C09F1DE3DCC74B30520DB5F78BCC6FC1E9A87EB141D9B46EA61 | |||
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | C:\Users\admin\AppData\Local\Adobe\636B6A04-02EF-44F8-AD9D-55A7A5D81DA4\status_icon_check_200.png | image | |
MD5:A0DBCF7418EA80BC290749AE99FC27C8 | SHA256:4B5D76F716F5281F40A54A1B0F59953936172FD1F4198AEACE53799541E84C44 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | GET | 302 | 52.49.100.189:80 | http://stats.adobe.com/b/ss/adbacdcprod/1/H.25.4/s93741719756191?AQB=1&ndh=1&t=17%2F0%2F2020%2015%3A7%3A55%205%200&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5CUsers%5Cadmin%5CAppData%5CLocal%5CTemp%5Cbe32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_launched&v18=new&v22=friday%20-%208%3A00am&v73=acdc_flashplayer&s=1280x720&c=32&j=1.5&v=Y&k=N&bw=654&bh=401&ct=lan&hp=N&AQE=1 | IE | — | — | whitelisted |
584 | 7DEC7718-5583-47BC-9EBA-416C64101B74 | GET | 404 | 2.16.186.120:80 | http://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml32.0.0.314~installVector=108&previousVersion=26.0.0.131&pProc=be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=13&isDebug=0 | unknown | html | 475 b | whitelisted |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | GET | 200 | 52.49.100.189:80 | http://stats.adobe.com/b/ss/adbacdcprod/1/H.25.4/s93741719756191?AQB=1&pccr=true&vidn=2F10E6E60515C8C7-60000832C248A670&ndh=1&t=17%2F0%2F2020%2015%3A7%3A55%205%200&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_launched&g=res%3A%2F%2FC%3A%5CUsers%5Cadmin%5CAppData%5CLocal%5CTemp%5Cbe32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe%2F160&ch=acdc_flashplayer&events=event96&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_launched&v18=new&v22=friday%20-%208%3A00am&v73=acdc_flashplayer&s=1280x720&c=32&j=1.5&v=Y&k=N&bw=654&bh=401&ct=lan&hp=N&AQE=1 | IE | image | 43 b | whitelisted |
2500 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | GET | 200 | 52.49.100.189:80 | http://stats.adobe.com/b/ss/adbacdcprod/1/H.25.4/s93756333179761?AQB=1&ndh=1&t=17%2F0%2F2020%2015%3A9%3A50%205%200&ce=UTF-8&ns=adobecorp&pageName=acdc_fp_adm_success_exitcode%3D0&g=res%3A%2F%2FC%3A%5CUsers%5Cadmin%5CAppData%5CLocal%5CTemp%5Cbe32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe%2F160&ch=acdc_flashplayer&events=event95&products=%3Bflashplayer_adm&c1=adm&c2=acdc%20downloads&c3=get.adobe.com&c4=en_us&c5=en_us%3Aacdc_fp_adm_success_exitcode%3D0&v18=new&v22=friday%20-%208%3A00am&v73=acdc_flashplayer&s=1280x720&c=32&j=1.5&v=Y&k=N&bw=654&bh=401&ct=lan&hp=N&AQE=1 | IE | image | 43 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 59.63.238.227:443 | www.flash.cn | CHINANET Jiangx province IDC network | CN | unknown |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 140.249.240.232:443 | www.flash.cn | No.31,Jin-rong Street | CN | suspicious |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 203.205.224.26:443 | api.flash.cn | Tencent Building, Kejizhongyi Avenue | CN | suspicious |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 184.51.8.204:443 | dlmping2.adobe.com | Akamai Technologies, Inc. | US | whitelisted |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 52.49.100.189:80 | stats.adobe.com | Amazon.com, Inc. | IE | unknown |
584 | 7DEC7718-5583-47BC-9EBA-416C64101B74 | 104.99.234.17:443 | fpdownload.macromedia.com | Akamai Technologies, Inc. | US | unknown |
584 | 7DEC7718-5583-47BC-9EBA-416C64101B74 | 2.16.186.120:80 | fpdownload2.macromedia.com | Akamai International B.V. | — | whitelisted |
2828 | be32fbb2e5a8de370e0cb9eb28ebfe4263d01f83c8848b933609e0d537ba1c0b.exe | 203.205.224.11:443 | api.flash.cn | Tencent Building, Kejizhongyi Avenue | CN | suspicious |
2500 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3436 | iexplore.exe | 119.167.164.62:443 | static.2144.cn | CHINA UNICOM China169 Backbone | CN | unknown |
Domain | IP | Reputation
---|---|---
www.flash.cn | | whitelisted
api.flash.cn | | suspicious
dlmping2.adobe.com | | whitelisted
stats.adobe.com | | whitelisted
fpdownload.macromedia.com | | whitelisted
fpdownload2.macromedia.com | | whitelisted
tongji.flash.cn | | whitelisted
www.bing.com | | whitelisted
static.2144.cn | | malicious
hm.baidu.com | | whitelisted