» adobe reader.exe
Overview
Analysis
File Details

adobe reader.exe

install mgr

POPELER SYSTEM, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application adobe reader.exe by POPELER SYSTEM, S.L has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

File name:

adobe reader.exe

Publisher:

popeler·sl (signed by POPELER SYSTEM, S.L.)

Product:

install mgr

Description:

Installer

Version:

3.1.16.4

MD5:

613ae7b7ad962ecad41c76f263631432

SHA-1:

98789dc490598665e2bd548541bcb98335761b18

SHA-256:

680bf093c372c9301eaf29a1a71c2b48533bbb9992a1bcd50d622ffbed0394a8

Scanner detections:

26 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

1/14/2025 11:34:27 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.Kazy.132995

826

Agnitum Outpost

PUA.Firseria

7.1.1

AhnLab V3 Security

PUP/Win32.FirseriaInstaller

2014.08.06

Avira AntiVirus

APPL/Firseria.Gen

7.11.165.100

avast!

Win32:Solimba-S [PUP]

2014.9-141031

AVG

Adware BundleApp_r

2015.0.3304

Baidu Antivirus

Adware.Win32.FirseriaInstaller

4.0.3.141031

Bitdefender

Gen:Variant.Application.Bundler.Kazy.132995

1.0.20.1520

Dr.Web

Adware.Downware.6300

9.0.1.0304

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.Kazy.132995

8.14.10.31.07

ESET NOD32

Win32/FirseriaInstaller.S potentially unwanted application

8.7.0.302.0

Fortinet FortiGate

Riskware/Generic.AC.3413

10/31/2014

F-Prot

W32/A-a2151e6a

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Bundler

11.2014-31-10_6

G Data

Win32.Application.Morstar

14.10.24

IKARUS anti.virus

AdWare.Win32.FirseriaInstaller

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.182.12959

MicroWorld eScan

Gen:Variant.Application.Bundler.Kazy.132995

15.0.0.912

NANO AntiVirus

Riskware.Win32.Fiseria.dcnyjg

0.28.2.61349

Panda Antivirus

Adware/Firseria

14.10.31.07

Quick Heal

Adware.Firseria.A5

10.14.14.00

Reason Heuristics

PUP.Installer.POPELERSYSTEMSL.M

14.10.31.19

Sophos

Solimba Installer

4.98

Vba32 AntiVirus

Downware.Morstar

3.12.26.3

VIPRE Antivirus

Threat.4895151

31208

Zillya! Antivirus

Adware.Fiseria.Win32.532

2.0.0.1917

File size:

501.5 KB (513,552 bytes)

Product version:

3.1.18

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\adobe reader.exe

Digital Signature

Signed by:

POPELER SYSTEM, S.L.

Authority:

Thawte, Inc.

Valid from:

8/28/2013 9:00:00 PM

Valid to:

8/29/2014 8:59:59 PM

Subject:

CN="POPELER SYSTEM, S.L.", OU=IT, O="POPELER SYSTEM, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

58806C1A153885D4BFE2E3370340491F

File PE Metadata

Compilation timestamp:

7/21/2014 12:54:29 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:EPAxcZ3wriM6GtjfADIRLEMjPlz1NUp8Pbn5XAmEMCdz570ZGVwGlJhWhYB61fE0:EPR9ZM6GRfB/YizOuGHhWO7a3vWcHAo

Entry address:

0xE4C8

Entry point:

E8, 4E, 6E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, 71, 47, 00, 89, 0D, FC, 70, 47, 00, 89, 15, F8, 70, 47, 00, 89, 1D, F4, 70, 47, 00, 89, 35, F0, 70, 47, 00, 89, 3D, EC, 70, 47, 00, 66, 8C, 15, 18, 71, 47, 00, 66, 8C, 0D, 0C, 71, 47, 00, 66, 8C, 1D, E8, 70, 47, 00, 66, 8C, 05, E4, 70, 47, 00, 66, 8C, 25, E0, 70, 47, 00, 66, 8C, 2D, DC, 70, 47, 00, 9C, 8F, 05, 10, 71, 47, 00, 8B, 45, 00, A3, 04, 71, 47, 00, 8B, 45, 04, A3, 08, 71, 47, 00, 8D, 45, 08, A3, 14, 71, 47... 
[+]

Code size:

117.5 KB (120,320 bytes)

Remove adobe reader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.