adobe-reader-xi-11.0.10.exe

Application

Bibado Investments, S.L.

The application adobe-reader-xi-11.0.10.exe, “Application Setup ” by Bibado Investments, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. With this installer, users are expecting to download Adobe's free Reader but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
web   (signed by Bibado Investments, S.L.)

Product:
Application

Description:
Application Setup

Version:
2.7.4.6

MD5:
9e0611acd8bc9a67071bc8165c6d5d57

SHA-1:
e3f356278d914159b9a1fc92c88c3ee6b93c36fa

SHA-256:
8de8cf099411724c62e5afa6cd14e9ce8adff486b0a90b59675881f5f8688786

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
1/14/2025 9:05:45 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bibado.BibadoInvestments.Bundler (M)
16.2.11.21

File size:
992.1 KB (1,015,880 bytes)

Product version:
4.2.1

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\adobe-reader-xi-11.0.10.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/12/2016 7:27:03 PM

Valid to:
4/2/2017 3:02:01 PM

Subject:
CN="Bibado Investments, S.L.", O="Bibado Investments, S.L.", L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121212301396FAE08B19C17F8D9578163C9

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:BA2IK6wP1B2S23/pcjqN56HmqUBHXWH8wrtqQCjzCw:BFpdP/2NRcmN5muuqQCyw

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.9210

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file adobe-reader-xi-11.0.10.exe has been seen being distributed by the following URL.

Remove adobe-reader-xi-11.0.10.exe - Powered by Reason Core Security