File name:

Acrobat_Keygen.exe

Full analysis: https://app.any.run/tasks/09f08af1-49c0-49a8-97f3-a2b0419c9c3e
Verdict: Malicious activity
Analysis date: March 24, 2025, 23:44:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5:

4C91FD071034E8F7D0F7DD307E801BD3

SHA1:

5FF5C3A4E48DEDB29ED098AAA6F7042FCBA6486E

SHA256:

DCBBB8FAEF5BE39428BD3FFE6C1A4A98DA43C23DF3A88C5DFC9C42A40AF6B8C4

SSDEEP:

24576:Tio28wtGBthBV357gB1LMaKcdpOdaH7rRcu+jZ5KaFknes:TiFtGBthBV357gB1LMfcdpOdaH7rRcuH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • NetDisabler.exe (PID: 7632)
      • NetDisabler.exe (PID: 7728)
  • SUSPICIOUS

    • Application launched itself

      • Acrobat_Keygen.exe (PID: 7568)
    • Executable content was dropped or overwritten

      • Acrobat_Keygen.exe (PID: 7568)
    • Reads security settings of Internet Explorer

      • Acrobat_Keygen.exe (PID: 7596)
      • Acrobat_Keygen.exe (PID: 7812)
    • Executing commands from ".cmd" file

      • Acrobat_Keygen.exe (PID: 7812)
    • Starts CMD.EXE for commands execution

      • Acrobat_Keygen.exe (PID: 7812)
    • There is functionality for taking screenshot (YARA)

      • Acrobat_Keygen.exe (PID: 7812)
      • Acrobat_Keygen.exe (PID: 7568)
  • INFO

    • Checks supported languages

      • Acrobat_Keygen.exe (PID: 7568)
      • Acrobat_Keygen.exe (PID: 7596)
      • NetDisabler.exe (PID: 7728)
      • Acrobat_Keygen.exe (PID: 7812)
    • The sample compiled with English language support

      • Acrobat_Keygen.exe (PID: 7568)
    • Reads the computer name

      • Acrobat_Keygen.exe (PID: 7596)
      • NetDisabler.exe (PID: 7728)
      • Acrobat_Keygen.exe (PID: 7812)
    • Create files in a temporary directory

      • Acrobat_Keygen.exe (PID: 7568)
      • NetDisabler.exe (PID: 7728)
    • Process checks computer location settings

      • Acrobat_Keygen.exe (PID: 7596)
      • Acrobat_Keygen.exe (PID: 7812)
    • Reads mouse settings

      • NetDisabler.exe (PID: 7728)
    • Checks proxy server information

      • slui.exe (PID: 4776)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:05:17 10:54:24+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 78336
InitializedDataSize: 55808
UninitializedDataSize: -
EntryPoint: 0x1383f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: TEAM XFORCE
FileDescription: Adobe Keygen
InternalName: Keygen
LegalCopyright: X-FORCE 2015 SMOKING THE COMPETITION
OriginalFileName: keygen.exe
PrivateBuild: June 29, 2015
ProductName: Keygen
No data.
All screenshots are available in the full report
Total processes
134
Monitored processes
8
Malicious processes
1
Suspicious processes
3

Behavior graph

  • start
  • acrobat_keygen.exe
  • acrobat_keygen.exe (no specs)
  • netdisabler.exe (no specs)
  • netdisabler.exe
  • acrobat_keygen.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • slui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
4776
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
7568
CMD:
"C:\Users\admin\Desktop\Acrobat_Keygen.exe"
Path:
C:\Users\admin\Desktop\Acrobat_Keygen.exe
Parent process:
explorer.exe
User:
admin
Company:
TEAM XFORCE
Integrity Level:
MEDIUM
Description:
Adobe Keygen
Modules
Images
c:\users\admin\desktop\acrobat_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID:
7596
CMD:
"C:\Users\admin\Desktop\Acrobat_Keygen.exe" -sfxwaitall:0 "NetDisabler.exe" /D
Path:
C:\Users\admin\Desktop\Acrobat_Keygen.exe
Parent process:
Acrobat_Keygen.exe
User:
admin
Company:
TEAM XFORCE
Integrity Level:
MEDIUM
Description:
Adobe Keygen
Exit code:
0
Modules
Images
c:\users\admin\desktop\acrobat_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID:
7632
CMD:
"C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\NetDisabler.exe" /D
Path:
C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\NetDisabler.exe
Parent process:
Acrobat_Keygen.exe
User:
admin
Company:
www.sordum.org
Integrity Level:
MEDIUM
Description:
Net Disabler
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\acrobatkeygen\netdisabler.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
7728
CMD:
"C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\NetDisabler.exe" /D
Path:
C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\NetDisabler.exe
Parent process:
Acrobat_Keygen.exe
User:
admin
Company:
www.sordum.org
Integrity Level:
HIGH
Description:
Net Disabler
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\acrobatkeygen\netdisabler.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll
PID:
7812
CMD:
"C:\Users\admin\Desktop\Acrobat_Keygen.exe" -sfxwaitall:0 "CheckDisabler.cmd"
Path:
C:\Users\admin\Desktop\Acrobat_Keygen.exe
Parent process:
Acrobat_Keygen.exe
User:
admin
Company:
TEAM XFORCE
Integrity Level:
MEDIUM
Description:
Adobe Keygen
Modules
Images
c:\users\admin\desktop\acrobat_keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID:
7880
CMD:
C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\CheckDisabler.cmd" "
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
Acrobat_Keygen.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
7888
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
1 496
Read events
1 496
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
1
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7568
Process: Acrobat_Keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\NetDisabler.exe
Type: executable
MD5:3032A3A5EA3A7F16124DFD8A85562AA1
SHA256:9E5AE53145637ABD7B3992DE092EB389614CC2710C4CD01EE0CFD60D8BA104D5
PID: 7568
Process: Acrobat_Keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\CheckDisabler.cmd
Type: text
MD5:BCC6ABF6D0CC156AEEA63C138ACC1F26
SHA256:CA9A9FF0E37E159BB47020EAA48421F9CE7C6532A1D147038BB1B0F1CCB19197
PID: 7728
Process: NetDisabler.exe
Filename: C:\Users\admin\AppData\Local\Temp\autC526.tmp
Type: binary
MD5:6014E202B7E6A357BAADAD3F03ED3367
SHA256:603D14D15F4967E2F5C3D54596D12AF82F2D13C56D5864E667083ED2669BE393
PID: 7568
Process: Acrobat_Keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\AcrobatKeygen\Keygen.exe
Type: executable
MD5:EB5F4D94D12C511D7BFE8608652ADB6A
SHA256:B50816ECC6EC849FCB0ED0677C8A6B1F0867A74638679BCAFC4F63DCC5B2E1EF
PID: 7728
Process: NetDisabler.exe
Filename: C:\Users\admin\AppData\Local\Temp\hztxhxc
Type: text
MD5:DCAEA61547D2810E843C46B17DAC5A80
SHA256:FFC1F55AA2BDA254088E642B40BC1EB414E4857523BB3E36794E7F6FCCF2F80F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
13
DNS requests
4
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6148 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted

Threats

No threats detected
No debug info