download:

ADE_4.5_Installer.exe

Full analysis: https://app.any.run/tasks/de5d14f0-fc03-45e7-b602-5687d6cc5523
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: February 15, 2019, 10:58:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 234D9B45ABC89B827A9A891A4AE1A36A
SHA1: 4CEB926D10D85D24D948157F4DF8A4032BAE1E8D
SHA256: E1C4CA37E099B726FFD951EAAC651D6A6180BA8063B3577774047DF2F3DF9D9B
SSDEEP: 196608:nrEXIHeqrlYFEpEFNGZV11F/UO2ZgSV7foxR8/WNehOpu6i+7:2I+qr+QEWN7iV7fo8fOpI+7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • ADE_4.5_Installer.exe (PID: 3096)
      • ADE_4.5_Installer.exe (PID: 3088)
      • DigitalEditions.exe (PID: 2988)
    • Changes the autorun value in the registry

      • SymInstallStub.exe (PID: 2204)
    • Application was dropped or rewritten from another process

      • SymInstallStub.exe (PID: 2204)
      • DigitalEditions.exe (PID: 2988)
      • SymInstallStub.exe (PID: 3480)
      • SymInstallStub.exe (PID: 3528)
      • ADEAutoUpdater_450.exe (PID: 3748)
      • SymInstallStub.exe (PID: 1396)
      • SymInstallStub.exe (PID: 2876)
    • Downloads executable files from the Internet

      • ADE_4.5_Installer.exe (PID: 3088)
    • Loads the Task Scheduler DLL interface

      • SymInstallStub.exe (PID: 2204)
      • ADE_4.5_Installer.exe (PID: 3088)
  • SUSPICIOUS

    • Creates files in the user directory

      • SymInstallStub.exe (PID: 2204)
      • ADE_4.5_Installer.exe (PID: 3088)
    • Creates files in the program directory

      • SymInstallStub.exe (PID: 2204)
      • ADE_4.5_Installer.exe (PID: 3088)
    • Creates files in the Windows directory

      • SymInstallStub.exe (PID: 2204)
    • Modifies the open verb of a shell class

      • ADE_4.5_Installer.exe (PID: 3088)
    • Executable content was dropped or overwritten

      • ADE_4.5_Installer.exe (PID: 3096)
      • ADE_4.5_Installer.exe (PID: 3088)
    • Application launched itself

      • ADE_4.5_Installer.exe (PID: 3096)
    • Reads Internet Cache Settings

      • ADE_4.5_Installer.exe (PID: 3088)
      • DigitalEditions.exe (PID: 2988)
    • Creates a software uninstall entry

      • ADE_4.5_Installer.exe (PID: 3088)
  • INFO

    • Reads settings of System Certificates

      • DigitalEditions.exe (PID: 2988)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:12:11 22:50:45+01:00
PEType: PE32
LinkerVersion: 6
CodeSize: 24576
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x32bf
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.5.10.0
ProductVersionNumber: 4.5.10.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Adobe Systems Incorporated
Debugger: -
FileDescription: Adobe Digital Editions 4.5.10
FileVersion: 1
InternalName: Adobe Digital Editions 4.5.10
LegalCopyright: © 2006-2018 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks: Adobe® Digital Editions
OriginalFileName: DigitalEditions.exe
ProductName: Adobe Digital Editions 4.5.10
ProductVersion: 4.5.10.0

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 11-Dec-2016 21:50:45
Detected languages:
  • English - United States
CompanyName: Adobe Systems Incorporated
Debugger: 0
FileDescription: Adobe Digital Editions 4.5.10
FileVersion: 1.0
InternalName: Adobe Digital Editions 4.5.10
LegalCopyright: © 2006-2018 Adobe Systems Incorporated and its licensors. All rights reserved.
LegalTrademarks: Adobe® Digital Editions
OriginalFilename: DigitalEditions.exe
ProductName: Adobe Digital Editions 4.5.10
ProductVersion: 4.5.10.0

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000D8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 11-Dec-2016 21:50:45
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00005E59 | 0x00006000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.42419 |
| .rdata | 0x00007000 | 0x00001246 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.0004 |
| .data | 0x00009000 | 0x0001A818 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.21193 |
| .ndata | 0x00024000 | 0x0000C000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
| .rsrc | 0x00030000 | 0x00009CE8 | 0x00009E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.93039 |

Resources

| Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
| 1 | 5.29934 | 830 | UNKNOWN | English - United States | RT_MANIFEST |
| 2 | 4.44842 | 9640 | UNKNOWN | English - United States | RT_ICON |
| 3 | 4.79013 | 4264 | UNKNOWN | English - United States | RT_ICON |
| 4 | 5.17999 | 1128 | UNKNOWN | English - United States | RT_ICON |
| 103 | 2.44608 | 62 | UNKNOWN | English - United States | RT_GROUP_ICON |
| 104 | 2.6935 | 316 | UNKNOWN | English - United States | RT_DIALOG |
| 105 | 2.66174 | 256 | UNKNOWN | English - United States | RT_DIALOG |
| 106 | 2.88094 | 284 | UNKNOWN | English - United States | RT_DIALOG |
| 107 | 2.62276 | 196 | UNKNOWN | English - United States | RT_DIALOG |
| 109 | 3.05474 | 182 | UNKNOWN | English - United States | RT_DIALOG |

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
Total processes: 49
Monitored processes: 9
Malicious processes: 4
Suspicious processes: 2

Behavior graph

[Behavior graph; process nodes: ade_4.5_installer.exe (2), syminstallstub.exe (5, two marked "no specs"), digitaleditions.exe, adeautoupdater_450.exe]

Process information

PID: 1396
CMD: "C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe" /partnerid=adobeebook /productlist=ns /staging=false /delay=0 /launchedby=6
Path: C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe
Parent process: explorer.exe
User: admin
Company: Symantec Corporation
Integrity Level: HIGH
Description: SymInstallStub
Exit code: 4
Version: 3.8.3.55
Modules (images):
c:\users\admin\appdata\local\temp\syminstallstub.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 2204
CMD: "C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe" /partnerid=adobeebook /productlist=ns /staging=false
Path: C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe
Parent process: ADE_4.5_Installer.exe
User: admin
Company: Symantec Corporation
Integrity Level: HIGH
Description: SymInstallStub
Exit code: 0
Version: 3.8.3.55
Modules (images):
c:\users\admin\appdata\local\temp\syminstallstub.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 2876
CMD: "C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe" /partnerid=adobeebook /productlist=ns /staging=false /delay=0 /launchedby=6
Path: C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe
Parent process: explorer.exe
User: admin
Company: Symantec Corporation
Integrity Level: MEDIUM
Description: SymInstallStub
Exit code: 3221226540
Version: 3.8.3.55
Modules (images):
c:\users\admin\appdata\local\temp\syminstallstub.exe
c:\systemroot\system32\ntdll.dll

PID: 2988
CMD: "C:\Program Files\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"
Path: C:\Program Files\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
Parent process: ADE_4.5_Installer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Digital Editions 4.5.10
Exit code: 0
Version: 4.5.10.0
Modules (images):
c:\program files\adobe\adobe digital editions 4.5\digitaleditions.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3088
CMD: "C:\Users\admin\AppData\Local\Temp\ADE_4.5_Installer.exe" /UAC:10122 /NCRC
Path: C:\Users\admin\AppData\Local\Temp\ADE_4.5_Installer.exe
Parent process: ADE_4.5_Installer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: HIGH
Description: Adobe Digital Editions 4.5.10
Exit code: 1223
Version: 1.0
Modules (images):
c:\users\admin\appdata\local\temp\ade_4.5_installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 3096
CMD: "C:\Users\admin\AppData\Local\Temp\ADE_4.5_Installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\ADE_4.5_Installer.exe
Parent process: explorer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Digital Editions 4.5.10
Exit code: 1223
Version: 1.0
Modules (images):
c:\users\admin\appdata\local\temp\ade_4.5_installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

PID: 3480
CMD: "C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe" /partnerid=adobeebook /productlist=ns /staging=false /delay=0 /launchedby=6
Path: C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe
Parent process: explorer.exe
User: admin
Company: Symantec Corporation
Integrity Level: MEDIUM
Description: SymInstallStub
Exit code: 3221226540
Version: 3.8.3.55
Modules (images):
c:\users\admin\appdata\local\temp\syminstallstub.exe
c:\systemroot\system32\ntdll.dll

PID: 3528
CMD: "C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe" /partnerid=adobeebook /productlist=ns /staging=false /delay=0 /launchedby=6
Path: C:\Users\admin\AppData\Local\Temp\SymInstallStub.exe
Parent process: explorer.exe
User: admin
Company: Symantec Corporation
Integrity Level: HIGH
Description: SymInstallStub
Exit code: 0
Version: 3.8.3.55
Modules (images):
c:\users\admin\appdata\local\temp\syminstallstub.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3748
CMD: "C:\Program Files\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe" -checkForUpdate https://adedownload.adobe.com/pub/adobe/digitaleditions/sha2/adeupdaterconfig.cfg 4.5.10.185749 en_US
Path: C:\Program Files\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe
Parent process: DigitalEditions.exe
User: admin
Integrity Level: MEDIUM
Exit code: 4294967295
Modules (images):
c:\program files\adobe\adobe digital editions 4.5\adeautoupdater_450.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

Total events: 1 429
Read events: 1 264
Write events: 165
Delete events: 0

Modification events

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Digital Editions 4.5
Operation: write
Name: InstallDir
Value: C:\Program Files\Adobe\Adobe Digital Editions 4.5

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Digital Editions 4.5
Operation: write
Name: InstallPath
Value: C:\Program Files\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Digital Editions 4.5
Operation: write
Name: FileVersion
Value: 1.1

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Digital Editions 4.5
Operation: write
Name: ProductVersion
Value: 4.5.10.0

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: DisplayName
Value: Adobe Digital Editions 4.5

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: UninstallString
Value: "C:\Program Files\Adobe\Adobe Digital Editions 4.5\uninstall.exe"

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: NoModify
Value: 1

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe,-101

(PID) Process: (3088) ADE_4.5_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5
Operation: write
Name: Publisher
Value: Adobe Systems Incorporated

Executable files: 34
Suspicious files: 6
Text files: 37
Unknown types: 22

Dropped files

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Program Files\Adobe\Adobe Digital Editions 4.5\ADEAutoUpdater_450.exe
Type: executable
MD5:
SHA256:

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Program Files\Adobe\Adobe Digital Editions 4.5\migration.exe
Type: executable
MD5:
SHA256:

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Program Files\Adobe\Adobe Digital Editions 4.5\rmsdk_wrapper.dll
Type: executable
MD5:
SHA256:

PID: 3096
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmA8EA.tmp\System.dll
Type: executable
MD5: 3F176D1EE13B0D7D6BD92E1C7A0B9BAE
SHA256: FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E

PID: 3096
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmA8EA.tmp\UAC.dll
Type: executable
MD5: 4814167AA1C7EC892E84907094646FAA
SHA256: 32DD7269ABF5A0E5DB888E307D9DF313E87CEF4F1B597965A9D8E00934658822

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfB137.tmp\System.dll
Type: executable
MD5: 3F176D1EE13B0D7D6BD92E1C7A0B9BAE
SHA256: FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfB137.tmp\UAC.dll
Type: executable
MD5: 4814167AA1C7EC892E84907094646FAA
SHA256: 32DD7269ABF5A0E5DB888E307D9DF313E87CEF4F1B597965A9D8E00934658822

PID: 3096
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\Documents\My Digital Editions\welcome.epub
Type: compressed
MD5: E453290017E3CF4014A4CD96950365FE
SHA256: A3F8F736CC3E7799FCB151BC7C1BA097C94D12ED689623B6E2CC3229ABDA30D5

PID: 3096
Process: ADE_4.5_Installer.exe
Filename: C:\Users\admin\Documents\My Digital Editions\Manifest\welcome.epub.xml
Type: xml
MD5:
SHA256:

PID: 3088
Process: ADE_4.5_Installer.exe
Filename: C:\Program Files\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
Type: executable
MD5:
SHA256:

HTTP(S) requests: 5
TCP/UDP connections: 15
DNS requests: 7
Threats: 8

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3088 | ADE_4.5_Installer.exe | GET | 200 | 40.112.176.188:80 | http://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.1.3.25&language=09.01&os=6.1.7601.1.0&y=1033&b=adobeebook&a=CallCriteriaChecker&f=10&c=false&d=false&e=0x0&error=0&j=ns&k=ns=1000&g=-1&l=0.486 | US | text | 13 b | whitelisted |
| 3088 | ADE_4.5_Installer.exe | GET | 200 | 40.112.176.188:80 | http://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.1.3.25&language=09.01&os=6.1.7601.1.0&y=1033&b=adobeebook&a=SetProductOfferStatus&f=ns&o=1&error=0&i=0 | US | text | 13 b | whitelisted |
| 3088 | ADE_4.5_Installer.exe | GET | 200 | 40.112.176.188:80 | http://stats.norton.com/n/p?module=9151&product=SymCCIS&version=2.1.3.25&language=09.01&os=6.1.7601.1.0&y=1033&b=adobeebook&a=RunInstallStub&f=ns&c=false&d=false&e=0x0&error=0&m=0 | US | text | 13 b | whitelisted |
| 3088 | ADE_4.5_Installer.exe | GET | 400 | 40.112.176.188:443 | http://stats.norton.com:443/n/p?module=9160&product=SCC&version=4.7.2.36&language=09.01&os=6.1.7601.1.0&y=1033&a=adobeebook&b=local&c=ns&d=ns=1000&e=0x0&error=0&n=0&j=0&k=0&l=none&m=none&o=none&q=none&t=none&u=-1&v=none | US | html | 264 b | whitelisted |
| 3088 | ADE_4.5_Installer.exe | GET | 200 | 152.195.132.156:80 | http://liveupdate.symantecliveupdate.com/upgrade/NSS/SymCCIS/Production/SymInstallStub.exe | US | executable | 1.76 Mb | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3088 | ADE_4.5_Installer.exe | 23.58.217.61:443 | adedownload.adobe.com | Akamai Technologies, Inc. | US | whitelisted |
| 3088 | ADE_4.5_Installer.exe | 40.112.176.188:443 | stats.norton.com | Microsoft Corporation | US | whitelisted |
| 3088 | ADE_4.5_Installer.exe | 40.112.176.188:80 | stats.norton.com | Microsoft Corporation | US | whitelisted |
| 3088 | ADE_4.5_Installer.exe | 152.195.132.156:80 | liveupdate.symantecliveupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 2204 | SymInstallStub.exe | 152.195.132.156:443 | liveupdate.symantecliveupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 2204 | SymInstallStub.exe | 40.112.176.188:443 | stats.norton.com | Microsoft Corporation | US | whitelisted |
| 3528 | SymInstallStub.exe | 152.195.132.156:443 | liveupdate.symantecliveupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
| 3088 | ADE_4.5_Installer.exe | 192.147.130.117:443 | adeinstall.adobe.com | Adobe Systems Inc. | US | unknown |
| 3748 | ADEAutoUpdater_450.exe | 23.58.217.61:443 | adedownload.adobe.com | Akamai Technologies, Inc. | US | whitelisted |
| 2988 | DigitalEditions.exe | 192.147.130.145:443 | adeactivate.adobe.com | Adobe Systems Inc. | US | unknown |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| adedownload.adobe.com | 23.58.217.61 | whitelisted |
| stats.norton.com | 40.112.176.188 | unknown |
| liveupdate.symantecliveupdate.com | 152.195.132.156 | unknown |
| adeinstall.adobe.com | 192.147.130.117 | whitelisted |
| adeactivate.adobe.com | 192.147.130.145 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 3088 | ADE_4.5_Installer.exe | Misc activity | ADWARE [PTsecurity] NSIS.DealPly.xiazai |
| 3088 | ADE_4.5_Installer.exe | A Network Trojan was detected | ET POLICY Norton Update User-Agent (Install Stub) |
| 3088 | ADE_4.5_Installer.exe | Misc activity | ADWARE [PTsecurity] NSIS.DealPly.xiazai |
| 3088 | ADE_4.5_Installer.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| 3088 | ADE_4.5_Installer.exe | A Network Trojan was detected | ET POLICY Norton Update User-Agent (Install Stub) |
| 3088 | ADE_4.5_Installer.exe | Misc activity | ADWARE [PTsecurity] NSIS.DealPly.xiazai |
| 3088 | ADE_4.5_Installer.exe | A Network Trojan was detected | ET POLICY Norton Update User-Agent (Install Stub) |
| 3088 | ADE_4.5_Installer.exe | Misc activity | ADWARE [PTsecurity] NSIS.DealPly.xiazai |
No debug info