Trojan-Downloader.Win32.Rakhni is a long-lived Trojan family that is still functioning to this day. The downloader is an executable file written in Delphi, encrypted with a simple substitution cipher. After execution, the downloader displays a message box with an error text to explain to the victim why no PDF file opened. To hide the presence of the malicious software in the system, the malware developer made their creation look like the products of Adobe Systems Incorporated. This is reflected in the icon, the name of the executable file and the fake digital signature that uses the name.
Source: https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
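
A triage check for the masquerade described above, as an added example that is not part of the original article: it lists executables that present themselves as Adobe products by file name, version-info company name or signer subject, yet do not carry an Authenticode signature that Windows validates. The scan folder and the vendor string are assumptions chosen for illustration.

```powershell
# Added example: find executables that claim a vendor identity without a valid signature.
# $ScanRoot and $ClaimedVendor are illustrative assumptions; adjust to your environment.
param(
    [string]$ScanRoot      = "$env:USERPROFILE\Downloads",
    [string]$ClaimedVendor = 'Adobe'
)

Get-ChildItem -Path $ScanRoot -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
ForEach-Object {
    $file = $_

    # Authenticode verification result: Valid, NotSigned, HashMismatch, NotTrusted, ...
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Identity the file *claims*: version resource and certificate subject are both
    # attacker-controlled, so they are only used to select files, never to trust them.
    $company = $file.VersionInfo.CompanyName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $claimsVendor = ($file.Name -like "*$ClaimedVendor*") -or
                    ($company   -like "*$ClaimedVendor*") -or
                    ($subject   -like "*$ClaimedVendor*")

    # A file that uses the vendor's name but fails verification deserves a closer look.
    if ($claimsVendor -and $sig.Status -ne 'Valid') {
        [pscustomobject]@{
            Path            = $file.FullName
            CompanyName     = $company
            SignerSubject   = $subject
            SignatureStatus = $sig.Status
            StatusMessage   = $sig.StatusMessage
            SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
} | Format-List
```

A `Valid` status only means the certificate chain and file hash verify, so for files that pass, compare the signer certificate against the vendor's known certificates before treating the name as genuine.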