AcroRd32.exe

Adobe Acrobat Reader DC

Adobe Systems, Incorporated

This file is installed with multiple programs, including Adobe Acrobat Reader DC - Russian and Adobe Acrobat Reader DC. It has been seen downloaded from bmail.uol.com.br and multiple other hosts.

Publisher:
Adobe Systems Incorporated (signed by Adobe Systems, Incorporated)

Product:
Adobe Acrobat Reader DC

Description:
Adobe Acrobat Reader DC

Version:
15.7.20033.133275

MD5:
05db71a5890e14cf1a385685d5b87a21

SHA-1:
ea093831de887bdd07676d1b4c86e5a09f722e9f

SHA-256:
1323d50b8f6b5127a3ef6644b8b69e999c454c045a2d8ec476c4b6165df4ed03

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 12:36:59 AM UTC

File size:
1.7 MB (1,794,720 bytes)

Product version:
15.7.20033.133275

Copyright:
Copyright 1984-2015 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroRd32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\adobe\acrobat reader dc\reader\acrord32.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/29/2013 5:00:00 PM

Valid to:
7/25/2015 4:59:59 PM

Subject:
CN="Adobe Systems, Incorporated", OU=AcrobatXI, O="Adobe Systems, Incorporated", L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
75FB51C8768EF6927BF41DA1A234A1D9

File PE Metadata
Compilation timestamp:
3/17/2015 12:29:30 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:PtvbZ4+FOmtFTqFThO2LAR4O8b8ITDnlKH:PddpO2Tq5kH

Entry address:
0x12B7

Entry point:
E8, EE, 01, 00, 00, E9, 73, 90, 0D, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 6A, FE, 68, 48, C3, 53, 00, 68, 30, 9F, 4D, 00, 64, A1, 00, 00, 00, 00, 50, 83, EC, 5C, A1, 20, F6, 54, 00, 31, 45, F8, 33, C5, 89, 45, E4, 53, 56, 57, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, 8B, 4D, 08, 89, 4D, D4, 8B, 4D, 0C, 89, 4D, 98, 8B, 75, 14, 8B, 5D, 18, BF, 22, 00, 00, C0, 89, 7D, 9C, 85, F6, 74, 24, 8B, 46, 08, 85, C0, 74, 1D, 8B, 50, 04, 85, D2, 74, 16, 66, 83, 38, 08, 72...
 

Entropy:
6.2988

Code size:
1 MB (1,088,000 bytes)

The file AcroRd32.exe has been discovered within the following programs.

Adobe Acrobat DC by Adobe Systems Incorporated (www.adobe.com): 4% remove it
Adobe Acrobat Reader DC by Adobe Systems Incorporated: 10% remove it
Adobe Acrobat Reader DC - Italiano by Adobe Systems Incorporated: 4% remove it
Adobe Acrobat Reader DC - Polish by Adobe Systems Incorporated: 7% remove it
Adobe Acrobat Reader DC - Russian by Adobe Systems Incorporated: 5% remove it

The file AcroRd32.exe has been seen being distributed by the following 8 URLs.
