adobe.exe

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

The executable adobe.exe has been detected as malware by 28 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the display name 'Adobe'.
Publisher:

MD5:
dad61d8db8c5db1569c7f54951dd5ef6

SHA-1:
032b1f1b138aa6c2a7ae9a7685c2d5e57cf73737

SHA-256:
e4641d3a53b9b56a52106e80b70ed2265c1320e011e8e5e10dc1814b61cb0531

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/26/2024 6:51:30 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1776880 | 645
Agnitum Outpost | Trojan.Bublik | 7.1.1
Avira AntiVirus | TR/Dropper.MSIL.Gen | 3.6.1.96
avast! | Win32:Malware-gen | 2014.9-150501
AVG | MSIL3 | 2016.0.3123
Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.1551
Bitdefender | Trojan.GenericKD.1776880 | 1.0.20.605
Comodo Security | UnclassifiedMalware | 21832
Dr.Web | BackDoor.Comet.884 | 9.0.1.0121
Emsisoft Anti-Malware | Trojan.GenericKD.1776880 | 8.15.05.01.02
ESET NOD32 | MSIL/Injector.DXW (variant) | 9.11503
Fortinet FortiGate | W32/Bublik.B!tr | 5/1/2015
F-Secure | Trojan.GenericKD.1776880 | 11.2015-01-05_6
G Data | Trojan.GenericKD.1776880 | 15.5.25
IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15646
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2110
McAfee | Artemis!DAD61D8DB8C5 | 5600.6779
MicroWorld eScan | Trojan.GenericKD.1776880 | 16.0.0.363
NANO AntiVirus | Trojan.Win32.Comet.dbibcl | 0.30.16.1110
Norman | Troj_Generic.VBVAF | 11.20150501
nProtect | Trojan.GenericKD.1776880 | 15.04.17.01
Panda Antivirus | Generic Malware | 15.05.01.02
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015
Quick Heal | Trojan.Bublik.r3 | 5.15.14.00
Sophos | Mal/Cleaman-B | 4.98
Vba32 AntiVirus | Trojan.Bublik | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 39516

File size:
454 KB (464,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adobe.exe

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/29/2014 6:09:56 PM

Valid to:
4/30/2015 12:09:56 AM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
5/28/2014 6:05:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:pBSBPdW5uJaI6CiQzwd5DE3ddh6b9KbGU+9FBD3Qn7:pBS9diI6Ci8bo1fN3Qn7

Entry address:
0x6255E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
385.5 KB (394,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe

Command:
C:\users\{user}\appdata\roaming\adobe\adobe.exe


Remove adobe.exe - Powered by Reason Core Security