AcroRd32.exe

Adobe Reader

Adobe Systems, Incorporated

AcroRd32.exe runs as a scheduled task under the Windows Task Scheduler. It is installed with Adobe Acrobat XI Pro. The file has been seen being downloaded from mail.aol.com and multiple other hosts.

Publisher:
Adobe Systems Incorporated  (signed by Adobe Systems, Incorporated)

Product:
Adobe Reader

Description:
Adobe Reader

Version:
11.0.04.63

MD5:
66cba380c78a1d1649e9b6cc41763b02

SHA-1:
f400a9255b6e4bfbf7479e526f6d02831d1dc7f8

SHA-256:
b7bb07f7d7a3065ee9dbcc24aa8777297a7ca0a6b3765373280e2f2bce62301c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:44:56 PM UTC

File size:
1.3 MB (1,411,448 bytes)

Product version:
11.0.04.63

Copyright:
Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroRd32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\adobe\reader 11.0\reader\acrord32.exe

Digital Signature

Authority:
Symantec Corporation

Valid from:
7/29/2013 7:00:00 PM

Valid to:
7/25/2014 6:59:59 PM

Subject:
CN="Adobe Systems, Incorporated", OU=Acrobat XI, O="Adobe Systems, Incorporated", L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
68ADD7AFFC72183C31865ACD3CB2D70C

File PE Metadata

Compilation timestamp:
9/5/2013 8:36:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:nfSkX7aDZJDfLi348shV8QEEf2cwToINuxxnJs834O8b8ITDnlBJHl7:6kX7atlBKQEEf2/PuDnJs834O8b8ITDL

Entry address:
0x1039

Entry point:
E8, FB, 01, 00, 00, E9, BA, 69, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 6A, FE, 68, E0, 37, 52, 00, 68, F0, C7, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, EC, 5C, A1, F8, 29, 53, 00, 31, 45, F8, 33, C5, 89, 45, E4, 53, 56, 57, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, 8B, 5D, 08, 8B, 45, 0C, 89, 45, A4, 8B, 75, 14, 8B, 4D, 18, 89, 4D, A0, BF, 22, 00, 00, C0, 89, 7D, AC, 85, F6, 74, 21, 8B, 46, 08, 85, C0, 74, 1A, 8B, 48, 04, 85, C9, 74, 13, 66, 83, 38, 08, 72, 0D, 51...
Entropy:
6.3498

Code size:
960.5 KB (983,552 bytes)

Scheduled Task

Task name:
{C86E1E1B-0893-4C8E-AD4E-DFEE33FF42CB}

Trigger:
Registration (Runs on registration)


The file AcroRd32.exe has been discovered within the following programs.

Adobe Acrobat XI Pro  by Adobe Systems Incorporated
Adobe Acrobat is a set of application software to view, create, manipulate, print and manage files in Portable Document Format (PDF). Acrobat and Reader are widely used as a method of presenting information with a fixed layout similar to a paper publication.
www.adobe.com
6% remove it
Adobe Acrobat XI Standard  by Adobe Systems Incorporated
Publisher's description - “Whether you need to create, edit, or sign PDF documents, you can do it easier with Adobe® Acrobat® XI Standard — the solution that makes PDFs work harder so you don't have to.”
4% remove it
Adobe Reader XI  by Adobe Systems Incorporated
Adobe Acrobat and Adobe Reader XI are a set of applications designed to view, create, manipulate, print and manage files in Portable Document Format (PDF). Acrobat and Reader are widely used as a method of presenting information with a fixed layout similar to a paper publication.
3% remove it
Adobe Reader XI (11.0.03)  by Adobe Systems Incorporated
Publisher's description - “Adobe Reader lets you read and print from any system any document created as an Adobe Portable Document Format (PDF) file, with its original appearance preserved.”
9% remove it
Adobe Reader XI (11.0.04)  by Adobe Systems Incorporated
Publisher's description - “Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It’s the only PDF file viewer that can open and interact with all types of PDF content, including forms and multimedia.”
10% remove it
Publisher's description - “Adobe Reader XI Font Pack enables you to display and interact with documents authored in languages other than those supported in your native Adobe Reader. It is needed to correctly display a document when an author does not embed the appropriate font into the document.”
3% remove it
The file AcroRd32.exe has been seen being distributed by the following 10 URLs.

https://mail.aol.com/.../getPart?uid=32018041&partId=2&scope=STANDARD&saveAs=AcroRd32.exe

https://doc-10-as-docs.googleusercontent.com/docs/securesc/qig8sbc6pue1fd4nq981sg3fv6hc9106/okqfsug7svtdg611gpocrcptgi7sirsa/1436637600000/.../07708109256098940192/0BxJ6j2HXAH6bM0tlRmFWekZmYzg?e=download

https://app.chartrequest.com/authorizations/.../document