'LoadLib' exploit prevented in Adobe Reader

I received multiple accounts of "'LoadLib' exploit prevented in Adobe Reader" alerts produced in Sophos Central. Not sure if it is a driver (hpvpldrv04.dll) issue that requires updating?

2018-01-26T12:03:57.899Z [Alert] LoadLib, familyId=b78e9604-190b-4c06-b3f8-4f0a60c15f9a, PID 7988, C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
2018-01-26T12:03:57.899Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180126120357899-4.xml
2018-01-26T12:03:57.909Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\4b6f307b-630c-4d5b-b8dd-6235f7ab3f36.json

Mitigation LoadLib

Platform 6.1.7601/x86 v616 06_3c
PID 7988
Application C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
Description Adobe Reader 11.0.10

EIP 7086B4F8 (hpvpldrv04.dll)
Heap address 19CE0000
Length 512KB

Process Trace

1 C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [7988]
  "C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe" "C:\Users\suldu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\EVRSRO7W\Final Draft v2 Dec17.pdf"
2 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [6520]
3 C:\Windows\explorer.exe [5756]
4 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [5880]
  C:\Windows\system32\userinit.exe
5 C:\Windows\System32\winlogon.exe [700]
  winlogon.exe