adobe_reader.exe

vid plaY

The application adobe_reader.exe by vid plaY has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from download.downloadease.net.
Publisher:
vid plaY  (signed and verified)

MD5:
b0fde0dd37fa4ec615c295fade9d6792

SHA-1:
e3718f0438fb0167e18e0ca5d669704a8df1c490

SHA-256:
072c98523688764c2ba1a24f37ade0590e534fcb10598477ee1079000b77e7ad

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 5:37:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.04.20 |
| AVG | Downloader | 2016.0.3134 |
| Dr.Web | Trojan.OutBrowse.334 | 9.0.1.05190 |
| ESET NOD32 | Win32/OutBrowse.BU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OutBrowse | 4/19/2015 |
| G Data | Win32.Application.Agent.AT4F3R | 15.4.25 |
| K7 AntiVirus | Adware | 13.202.15641 |
| McAfee | Trojan.Adware-OutBrowse.e | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.OutBrowse.dpxqwg | 0.30.16.1110 |
| Norman | Suspicious_Gen4.IFSYO | 11.20150419 |
| Quick Heal | Adware.NSIS.OutBrowse.A | 4.15.14.00 |
| Reason Heuristics | Threat.Outbrowse.Installer.Outborwse | 15.4.19.18 |
| Sophos | Generic PUA NA | 4.98 |
| Trend Micro House Call | Suspici.304ED7F9 | 7.2.109 |
| VIPRE Antivirus | Threat.5085447 | 39354 |

File size:
566.6 KB (580,240 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_reader.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/15/2015 8:00:00 PM

Valid to:
12/17/2015 6:59:59 PM

Subject:
CN=vid plaY, O=vid plaY, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35A9C40292102727C460D1CD1111D5B0

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:1B/qj+LrUGevdRS8q/lqyHRq0v554wPSxzE3TjjdNhTo:1B/q5bC8q/YyHJvSxzaTPdLT

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9408

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adobe_reader.exe has been seen being distributed by the following URL.
