» adobe reader.exe
Overview
Analysis
File Details

adobe reader.exe

Trusted Download llc

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application adobe reader.exe by Trusted Download llc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory.

File name:

adobe reader.exe

Publisher:

Trusted Download llc (signed and verified)

MD5:

418f5f93c16cf99ab41b97de1b5b0995

SHA-1:

b769ed38455568ac8ca551ad7775eb36c291c3b7

SHA-256:

9adafb35a2faf7b471e8e98aeefecd2af085f4213979a72116ba8d12de32dbaf

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/15/2024 6:04:35 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softpulse (M)

17.3.9.4

File size:

586 KB (600,104 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\adobe reader.exe

Digital Signature

Signed by:

Trusted Download llc

Authority:

Symantec Corporation

Valid from:

12/22/2015 7:00:00 AM

Valid to:

1/21/1917 6:59:59 AM

Subject:

CN=Trusted Download llc, O=Trusted Download llc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

656B40553E7A76EE193F67DC6F5AB6E2

File PE Metadata

Compilation timestamp:

3/23/2016 12:09:42 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x1A23CF

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Entropy:

7.8788

Packer / compiler:

ASPack v1.08.04

Code size:

1.1 MB (1,104,384 bytes)

Remove adobe reader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.