adobe_reader.exe

FASt download got

The application adobe_reader.exe by FASt download got has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from get.down1227group.info.
Publisher:
FASt download got  (signed and verified)

MD5:
116bba0268ffab3e555269987cf3b9c0

SHA-1:
d05727441c2e54d3095ec1c3ba0e9d79708a7f60

SHA-256:
404d34ac0ef920e43f49e4737caa2bcccf52c70fa483479a3c3c3b18b3a15e78

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 6:27:09 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.17 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 3.6.1.96 |
| AVG | Downloader | 2016.0.3137 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.OutBrowse.263 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| McAfee | Adware-OutBrowse.e | 5600.6793 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Installer | 15.4.16.19 |
| VIPRE Antivirus | Threat.5085447 | 38882 |

File size:
577.7 KB (591,544 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_reader.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/7/2015 7:00:00 PM

Valid to:
1/27/2016 6:59:59 PM

Subject:
CN=FASt download got, O=FASt download got, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6926AADF837998BE41687093EA536238

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:gBOjLyAVydIZNSolPKFa02/x3+wj7xUK3rZaN:gBQLtydIZIPFa9xuwjtli

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9430

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adobe_reader.exe has been seen being distributed by the following URL.
