home

adobe-reader-x.exe

NextRadioTV

The application adobe-reader-x.exe by NextRadioTV has been detected as adware by 9 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdnus.ironcdn.com.
Publisher:
NextRadioTV  (signed and verified)

MD5:
20d5589057cff8357de0e2872ef68034

SHA-1:
2b19de0b6652bd0d37ec998fbee9afa3c21aca08

SHA-256:
d614dddb501cc9f8b6965eab1d6c043884a3b3f2e1e4580fba0dab0d96fd4ede

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The installer is a co-bundle distribution utility that might contain adware or various unwanted programs. While the software it is providing is typically clean, the donwload manager offers could be classified as unwanted.

Analysis date:
12/4/2024 7:23:41 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.InstallCore
2012.12.20

Avira AntiVirus
ADWARE/InstallCore.Gen
7.11.54.110

Dr.Web
Adware.InstallCore.80
9.0.1.0225

ESET NOD32
Win32/InstallCore.AZ (variant)
9.7818

F-Prot
W32/InstallCore.W.gen
v6.4.7.1.166

herdProtect (fuzzy)
variant of haihaisoft-pdf-reader.exe (Adware)
2015.9.25.9

Malwarebytes
PUP.Optional.InstallCore
v2015.08.13.01

Reason Heuristics
PUP.installCore.NextRadioTV (M)
15.8.13.13

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15811

File size:
1.1 MB (1,199,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adobe-reader-x.exe

Digital Signature
Signed by:
NextRadioTV

Authority:
COMODO CA Limited

Valid from:
8/6/2012 2:00:00 AM

Valid to:
8/7/2013 1:59:59 AM

Subject:
CN=NextRadioTV, O=NextRadioTV, STREET=12 rue d Oradour sur Glane, L=Paris, S=IDF, PostalCode=75015, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F6B0E6D7739316BE77DBC3CE3EF38235

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PfUvMbHrpoNFDSVqu9nIEwWfgddaAbyOUntlqZF:PfUvW1bwenIEwWfCHyOU3A

Entry address:
0xD5A90

Entry point:
55, 8B, EC, 83, C4, F0, B8, BC, A1, 40, 00, E8, C1, E0, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
866 KB (886,784 bytes)

The file adobe-reader-x.exe has been seen being distributed by the following URL.

http://cdnus.ironcdn.com/.../Adobe-Reader-X.exe

Remove adobe-reader-x.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.