Windows Analysis Report
pdfprosuite.exe.zip

ID:	1540378
Product:	CloudBasic
Start time:	17:53:03
Start date:	23.10.2024
Sample:	pdfprosuite.exe.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	8311446f4d49f353a699b04243a06d66
SHA1:	34d3b4930ea2b34587e9ded7057a48f5999fb7f9
SHA256:	1c6db95c0ace1d561fd0088c5f3a59846a90e711cae948c9ae57be9b0ef01f0e
Filetype:	ZIP compressed archive (8000/1) 100.00%

Name	Type	MD5	SHA1	SHA256

System Summary

Source: classification engine

Classification label: clean0.winZIP@3/0@0/0

Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe

File created: C:\Users\user\.node_repl_history

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6400:120:WilError_03

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe "C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe"
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Section loaded: kernel.appcore.dll

Source: pdfprosuite.exe.zip

Static file information: File size 26479845 > 1048576

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\pdfprosuite.exe\pdfprosuite.exe

Queries volume information: C:\Users\user\.node_repl_history VolumeInformation