Hi, a friend of mine (that isn't very tech-inclined) has an anti-virus software that flagged the hash value of Creative_Cloud_Set-Up.exe as malware, and as someone with an IT background they asked me to help figure it out. I took the hash from their file and checked it on VirusTotal but there was no information at all on it which was suspicious. I wasn't sure if they had a legitimate version of the setup file straight from Adobe so I figured I'd try installing it myself to see if the hashes line up. I downloaded Creative_Cloud_Set-Up.exe straight from Adobe (at this link: https://www.adobe.com/creativecloud/desktop-app.html) and I used CertUtil -hashfile <filepath of the file> MD5 to generate an MD5 hash to compare and my hash was different from theirs. However, my hash also wasn't in VirusTotal either, which I found very odd since my file came straight from the trusted source. I decided to try downloading the file again, once in a virtual machine running the same OS (Windows 10) and once on my same machine that I originally downloaded it on, used the same CertUtil command again, and found that all 3 copies of my Creative_Cloud_Set-Up.exe file had different hashes from each other and that my friend's hash was different as well
Why is the file hash of Creative_Cloud_Set-Up.exe changing every time it's installed? Each time, I checked the hash before ever opening the file so the file was never interacted with by me
I'll also add that each time, I would delete the file from my downloads folder so that I wasn't checking the hash of a copy of the file like Creative_Cloud_Set-Up.exe (1) for example
1
Reply
AdChoices