clientmonitor.exe

Adobe Acrobat Reader DC

KeyFinder LTD

The executable clientmonitor.exe has been detected as malware by 7 anti-virus scanners. It runs as a scheduled task in the Windows Task Scheduler, triggered each time a user logs in.
Publisher:
Adobe Systems Incorporated (signed by KeyFinder LTD)

Product:
Adobe Acrobat Reader DC

Version:
4.12.7

MD5:
7fafb28603f1ece82d3ef58cd05a6ee5

SHA-1:
382e11f64356f2b5f3d09da3688b3d877683335b

SHA-256:
42a6d5806550168047ba5f25bfa96e72e3bdfa6c85ce3a9a1b710e6f544418bb

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/25/2024 7:49:17 PM UTC

Scan engine                     Detection                  Engine version
avast!                          Win32:Malware-gen          160518-2
Emsisoft Anti-Malware           Trojan.GenericKD.3242314   9.0.0.4157
ESET NOD32                      MSIL/Injector.PGP trojan   8.0.319.0
F-Secure                        Trojan.GenericKD.3242314   5.15.96
Kaspersky                       Trojan.MSIL.Inject         15.0.0.562
Microsoft Security Essentials   Threat.Undefined           1.223.515.0
Norman                          Trojan.GenericKD.3242314   28.05.2016 15:32:18

File size:
873.5 KB (894,472 bytes)

Product version:
4.12.7

Copyright:
Copyright 1984-2016 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
1212122.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\clientmonitor.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/26/2013 12:03:53 AM

Valid to:
4/26/2016 8:44:03 PM

Subject:
CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B12EAD0A0A9F5

File PE Metadata
Compilation timestamp:
5/17/2016 7:22:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:5tYZ4J+UzLjFfy1dKGCpulVVQREc7Yu6iXcEyZpsbWvfNyNQLSUOAkQMYgFnb1tG:3YZ4HPjF6iGRQREoXXcZphHXGt1XuMvW

Entry address:
0xA7C4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3706

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
664 KB (679,936 bytes)

Scheduled Task
Task name:
Antimalware Protection

Trigger:
Logon (Runs on logon)

