General Information

Analysis ID:27416
Start time:15:14:07
Start date:16/11/2012
Overall analysis duration:0h 7m 7s
Sample file name:ap2.php@f=f7d19.pdf
Cookbook file name:Ret Dump.jbs
Analysis system description:XP SP3 (Office 2003 SP1, Java 1.5.0, Acrobat Reader 8.1.2, Internet Explorer 6, Flash 10.1.82.76)
Number of new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
SCAE enabled:true
SCAE success:false, ratio: 0%

Classification / Threat Score

Persistence, Installation, Boot Survival:
Hiding, Stealthiness, Detection and Removal Protection:
Security Solution / Mechanism bypass, termination and removal, Anti Debugging, VM Detection:
Spreading:
Exploiting:
Networking:
Data spying, Sniffing, Keylogging, Ebanking Fraud:

Matching Signatures

Behavior Signatures
Creates temporary files
Reads ini files
Urls found in memory or binary data
Creates mutexes: \BaseNamedObjects\oleacc-msaa-loaded, \BaseNamedObjects\Global\AcrobatViewerIsRunning
Found strings which match to known bank urls
Found strings which match to known social media urls
May have tried to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Performs DNS lookups
Detected shellcode (check out the disassembly section)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (performs DNS queries)
NOP-sled detected (often used during heap spraying before exploitation)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Code Signatures
Contains functionality to download additional files from the internet

Startup

  • system is xp2
  • AcroRd32.exe (PID: 1768 MD5: 80660C611B596FFE8AF4074B31AA6FB7)
  • cleanup

Created / dropped Files

File Path:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AcrE011.tmp
MD5:DC3C88F445A3EA5374710FC217720FB0

Contacted Domains

Name:vr.kalba.net
IP:unknown
Name Server:unknown
Active:false
Registrar:unknown
e-Mail:unknown

Contacted IPs

IP:195.186.1.121
Country:SWITZERLAND
Pingable:false
Open Ports:

Static File Info

File type:PDF document, version 1.6
File name:ap2.php@f=f7d19.pdf
File size:17029
MD5:d86d9b77f6abeb70596019dec77fa71d
SHA1:e3a7c36cb2e9b5131acb66cb2f04de58452a22ea
SHA256:823e1eb33e370d2801a3807253f7b75580396ca9e91f01533cdc993745a9d6ee
SHA512:a096651af352139e322b6539f3f92ebbcc22645a3595004ce2af84aa0477bf8346747a42401a30f5bf2b23c70595354b524194c84e525b0abdbdda7deff8597e

String Analysis

URLs
Bank names
String valueSource
e of saved files or print spool files may be large.Maintains simpler vector objects, but rasterizes more complex areas involving transparency. Ideal for artwork with only a few transparent objects. Some printers may yield rough transitions between bordering vector and raster objects and make hairlines appear thicker. Appropriate for low-memory systems.Maintains most objects as vector data, but rasterizes very complex transparent regions. Generally the best setting for printing and exporting most pages. With some printers, improves transition issues between bordering vector and raster objects.Maintains most of the page content as vectors, rasterizing only extremely complex areas. Produces high quality output that is generally resolution-independent. Higher occurrences of transparent regions will increase processing time. With some printers improves transition issues between bordering vector and raster objects.The entire page is printed or exported as vector data, to the greatest extent possible. This produces the highest quality resolution-independent output. Processing of complex pages may be very time and memory intensiveSelect an ICC Profile that describes the target output device. If 'Printer/PostScript Color Management' is selected, convert any ICC profiles to PostScript CSAs, and color will be managed in the printer RIP. If 'Same as Source (No Color Management)' is selected, embedded profiles are ignored, and only device values are sent.Emit this plate by converting it to one or more process colors.Emit this plateDon't emit this plateDouble-click on the plate entry to launch the Ink Manager.HorizontalVerticalHorizontal and VerticalPreparing Printing Flattening Multiple FilesCompositeAs ImageSimplexDuplex Flip Long EdgeDuplex Flip Short EdgeThe current setup requires a printer capable of printing both sides. The selected printer may not support it. 
[run of AcroRd32.exe print and color dialog UI strings omitted] equals www.regions.com (Regions Bank) | AcroRd32.exe
[run of AcroRd32.exe PDF optimizer, header/footer and link dialog UI strings omitted] equals www.regions.com (Regions Bank) | AcroRd32.exe
Social media names
String value | Source
[run of AcroRd32.exe form-saving and email dialog UI strings omitted] equals www.hotmail.com (Hotmail) | AcroRd32.exe
[run of AcroRd32.exe form-saving and email dialog UI strings omitted] equals www.yahoo.com (Yahoo) | AcroRd32.exe
http://cdn.api.twitter.com/1/urls/count.json?url=http%3A%2F%2Fwww.oldapps.com%2F&callback=twttr.receiveCou equals www.twitter.com (Twitter) | AcroRd32.exe
http://connect.facebook.net/en_US/all. equals www.facebook.com (Facebook) | AcroRd32.exe
http://platform.twitter.com/js/xd/jsonrpc. equals www.twitter.com (Twitter) | AcroRd32.exe
http://platform.twitter.com/js/xd/parent. equals www.twitter.com (Twitter) | AcroRd32.exe
http://platform.twitter.com/widgets. equals www.twitter.com (Twitter) | AcroRd32.exe
http://platform.twitter.com/widgets/hub.ht equals www.twitter.com (Twitter) | AcroRd32.exe
http://platform.twitter.com/widgets/images/tweet.dfbf1dd98bad9f5b5addd80494650dca.p equals www.twitter.com (Twitter) | AcroRd32.exe
http://platform.twitter.com/widgets/tweet_button.ht equals www.twitter.com (Twitter) | AcroRd32.exe
VM Artifacts
String value | Source
\??\C:\WINDOWS\system32\VBoxService.e | AcroRd32.exe
\??\C:\WINDOWS\system32\VBoxTray.e | AcroRd32.exe
[run of AcroRd32.exe resource identifier strings omitted] | AcroRd32.exe

Network Behavior

TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 16, 2012 15:19:05.650413036 CET | 56897 | 53 | 192.168.0.13 | 195.186.1.121
Nov 16, 2012 15:19:06.506470919 CET | 53 | 56897 | 195.186.1.121 | 192.168.0.13
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 16, 2012 15:19:05.650413036 CET | 56897 | 53 | 192.168.0.13 | 195.186.1.121
Nov 16, 2012 15:19:06.506470919 CET | 53 | 56897 | 195.186.1.121 | 192.168.0.13
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 16, 2012 15:19:05.650413036 CET | 192.168.0.13 | 195.186.1.121 | 0xcd37 | Standard query (0) | vr.kalba.net | A (IP address) | IN (0x0001)
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 16, 2012 15:19:06.506470919 CET | 195.186.1.121 | 192.168.0.13 | 0xcd37 | Name error (3) | vr.kalba.net | none | none | A (IP address) | IN (0x0001)

Code Manipulation Behavior

System Behavior

General
Start time:10:12:45
Start date:24/01/2012
Path:C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Wow64 process (32bit):false
Commandline:unknown
Imagebase:0x400000
File size:341616 bytes
MD5 hash:80660C611B596FFE8AF4074B31AA6FB7

Disassembly

Shellcode Analysis

APIs
  • LoadLibraryA.KERNEL32, ref: 02F900D2
  • URLDownloadToFileA.URLMON, ref: 02F90139
  • TerminateThread.KERNEL32, ref: 02F90166
Address | Value
2f90186 | http://vr.kalba.net/d.php?f=f7d19&e=4

Code Analysis