{
	"id": "a8eb202c-a1eb-42e4-b6cb-dad7e367715d",
	"created_at": "2026-04-06T00:15:41.77409Z",
	"updated_at": "2026-04-10T03:20:56.255972Z",
	"deleted_at": null,
	"sha1_hash": "b28eb4ff03c5e860b3f1a392fb6de1b2f69b7c84",
	"title": "Developer tools, technical documentation and coding examples",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55575,
	"plain_text": "Developer tools, technical documentation and coding examples\r\nBy wibjorn\r\nArchived: 2026-04-05 21:52:27 UTC\r\nMalware signed with the Adobe code signing certificate\r\nMalware signed with the Adobe code signing certificate\r\n msft-mmpc\r\n87,678 Points 4 3 2\r\nFirst Forums Reply Blog Party Starter Blog Conversation Starter\r\n3 Oct 2012 7:29 PM\r\nComments 0\r\nLikes\r\nLast week, Adobe released an advisory (APSA12-01) announcing the upcoming revocation of an Adobe code\r\nsigning certificate as it was compromised and used to sign at least two malicious utilities. They identified a\r\ncompromised build server that required access to the code signing infrastructure and have forensic evidence that\r\nlinks it to the signing of these malicious utilities. They have confirmed that the private key was not compromised\r\nand this build server was used to sign the malicious utilities using the standard protocol used for valid Adobe\r\nsoftware.\r\nAs a member of the Microsoft Active Protections Program (MAPP), the MMPC and other members received\r\ninformation about this compromise and immediately deployed protection for our customers – Win32/Adbposer.\r\nOne of the primary goals of this attack is to evade antivirus and other security products as most of them have a\r\nfeature/optimization to trust binaries signed by trusted certificates. The MMPC removed the compromised\r\ncertificate from our trusted certificate list right away. For your protection please ensure that your virus definition\r\nversion is greater than 1.137.689.0.\r\nThe malicious utilities include a tool used to dump passwords and a malicious ISAPI filter. Following are the\r\ndetails of the samples:\r\nPwDump7.exe\r\nSHA1: c615a284e5f3f41cf829bbb939f2503b39349c8d\r\nSignature timestamp: Thursday, July 26, 2012 8:44:40 PM PDT (GMT -7:00)\r\nDetected as PWS:Win32/Adbposer.A\r\nhttps://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx\r\nPage 1 of 3\n\nlibeay.dll\r\nSHA1: 934543f9ecc28ebefbd202c8e98833c36831ea75\r\nSignature timestamp: Thursday, July 26, 2012 8:44:13 PM PDT (GMT -7:00)\r\nDetected as PWS:Win32/Adbposer.A.dll\r\nmyGeeksmail.dll\r\nSHA1: fecb579abfbc74f7ded61169214349d203a34378\r\nSignature timestamp: Wednesday, July 25, 2012 8:48:59 PM (GMT -7:00)\r\nDetected as Trojan:Win32/Adbposer.B\r\nAdobe has revoked the certificate today for all software code signed after July 10, 2012 and are also in the process\r\nof issuing updates signed using a new digital certificate for all affected products.\r\nWe have been tracking this issue very closely and the telemetry shows that this issue is not prevalent and is being\r\nused in highly targeted attacks only. We will continue to monitor for new malware leveraging this issue.\r\nTanmay Ganacharya\r\nMMPC\r\nComments\r\nMicrosoft technical documentation\r\nThe home for Microsoft documentation and learning for developers and technology professionals.\r\nIndex\r\nProduct Directory\r\nIndex\r\nProduct Directory\r\nFeatured\r\nMicrosoft Learn\r\nWhether you're just starting or an experienced professional, our hands-on approach helps you arrive at your goals\r\nfaster, with more confidence and at your own pace.\r\nExplore a topic in-depth through guided paths or learn how to accomplish a specific task through\r\nindividual modules.\r\nBrowse all learning options\r\nJump-start your career and demonstrate your achievements through industry-recognized Microsoft\r\ncertifications.\r\nhttps://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx\r\nPage 2 of 3\n\nExplore Certifications\r\nView streaming technical content about Microsoft products from the experts that build and use it every day.\r\nStart watching now\r\nRecommended Resources\r\nStartups\r\nStronger together: Calling Social Entrepreneurs around the globe with COVID-19 solutions.\r\nStudents\r\nPut professional developer tools and software in the hands of students.\r\nLearn events\r\nVideo content by developers and technical enthusiasts devoted to including you in the conversation.\r\nInterested in the latest announcements and updates to Microsoft Docs? Check out the team blog\r\nSource: https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-co\r\nde-signing-certificate.aspx\r\nhttps://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx"
	],
	"report_names": [
		"malware-signed-with-the-adobe-code-signing-certificate.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434541,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b28eb4ff03c5e860b3f1a392fb6de1b2f69b7c84.pdf",
		"text": "https://archive.orkl.eu/b28eb4ff03c5e860b3f1a392fb6de1b2f69b7c84.txt",
		"img": "https://archive.orkl.eu/b28eb4ff03c5e860b3f1a392fb6de1b2f69b7c84.jpg"
	}
}