VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Dropper, Rootkit, Spyware, Downloader

e93cf7c4f464ff015bda21fed805744beaf2d631ccd7cc81eb8a434a5bc73775 (SHA256)

adobereader_dcupd_en_cra_install.exe

Windows Exe (x86-32)

Created at 2018-08-28 10:26:00

Notifications (2/3)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Network Overview

Hosts (1)
Hostname IP Address Location Protocols Reputation Status WHOIS Data
adobemacromedia.com 104.28.4.137 United States HTTP, TCP, UDP Has Blacklisted URL -
DNS Queries (1)
Hostname Categories Names Source Reputation Status
adobemacromedia.com - - PCAP Blacklisted
URLs (2)
URL Categories Names Source HTTP Status Code Reputation Status
HTTP://adobemacromedia.com/setup.exe Malware Mal/HTMLGen-A Function Log - Blacklisted
http://adobemacromedia.com/setup.exe Malware Mal/HTMLGen-A PCAP - Blacklisted

Connections

DNS (1)
Operation Additional Information Success Count Logfile
Resolve Name host = adobemacromedia.com, address_out = 104.28.4.137 True 1 -
TCP Sessions (1)
Information Value
Total Data Sent 97.87 KB
Total Data Received 2.66 MB
Contacted Host Count 1
Contacted Hosts 104.28.4.137
TCP Session #1
Information Value
Source PCAP
Stream ID 0
Remote Address 104.28.4.137
Remote Port 80
Local Address 192.168.0.118
Local Port 49158
Data Sent 97.87 KB
Data Received 2.66 MB
Time Highest Layer Additional Information Success
The remaining entries of this session are omitted for performance reasons and can be found in analysis.pcap .
UDP Sessions (1)
Information Value
Total Data Sent 0.08 KB
Total Data Received 0.11 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 121
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.118
Local Port 56449
Data Sent 0.08 KB
Data Received 0.11 KB
Time Highest Layer Additional Information Success
52.768714 s DNS Data Sent: 0.08 KB, Data Received: 0.11 KB True
HTTP Sessions (1)
Information Value
Total Data Sent 0.20 KB
Total Data Received 12.88 MB
Contacted Host Count 1
Contacted Hosts adobemacromedia.com
HTTP Session #1
Information Value
Source Function Log
User Agent AdvancedInstaller
Server Name adobemacromedia.com
Server Port 80
Data Sent 0.20 KB
Data Received 12.88 MB
Operation Additional Information Success Count Logfile
Open Session user_agent = AdvancedInstaller, access_type = INTERNET_OPEN_TYPE_PRECONFIG, flags = INTERNET_FLAG_ASYNC True 1 Fn
Open Connection protocol = HTTP, server_name = adobemacromedia.com, server_port = 80 True 1 Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.0, target_resource = /setup.exe, accept_types = 26737692, flags = INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1 Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = adobemacromedia.com/setup.exe False 1 Fn
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1 Fn, Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1 Fn, Data
Read Response size = 610, size_out = 610 True 1 Fn, Data
Read Response size = 8192, size_out = 8192 True 1648 Fn, Data
Read Response size = 8094, size_out = 8094 True 1 Fn, Data
Close Session - True 1 Fn