home

adobe_reader_setup.exe

Adobe Reader Installer

Downloadinfo

The Adlogica setup manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application adobe_reader_setup.exe, “Deploy Adobe Reader along with various offers” by Downloadinfo has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
Downloadinfo  (signed and verified)

Product:
Adobe Reader Installer

Description:
Deploy Adobe Reader along with various offers

Version:
11

MD5:
98bbc3934bc14cc454bbfbfd3b29ec9f

SHA-1:
8329d1dea8e660bb1cd251c34f7bf729a6e69028

SHA-256:
d19f4e379c78ee613765e62d18aa05f55e453d867ad266bc7ee4dcd948077621

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/25/2024 10:52:47 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
2014.9-140524

AVG
Skodna.Generic
2015.0.3465

Dr.Web
Adware.Downware.2468
9.0.1.0144

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
8.9733

K7 AntiVirus
Unwanted-Program
13.176.11907

Malwarebytes
PUP.Optional.Downloadster
v2014.05.24.02

Reason Heuristics
PUP.Installer.Downloadinfo.S
14.8.7.17

Sophos
Ez Toolbar Downloader
4.98

File size:
1.3 MB (1,364,840 bytes)

Product version:
11

Copyright:
©DownloadInfo

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\adobe_reader_setup.exe

Digital Signature
Signed by:
Downloadinfo

Authority:
COMODO CA Limited

Valid from:
8/13/2013 8:00:00 PM

Valid to:
8/14/2015 7:59:59 PM

Subject:
CN=Downloadinfo, O=Downloadinfo, STREET=96 Jessie st 4th floor, L=SAN FRANCISCO, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0086FD7D8A08F1EAEB6084518153EB026C

File PE Metadata
Compilation timestamp:
9/16/2013 7:17:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:X9OSiCcFYIYdv+tDUwadbW5Q+mrR3e5xW/e+qeT8hSCWUD6/vkRTcLdl:NiSKmrR3Xe+WQY6/qTc/

Entry address:
0x110400

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, E9, 50, 00, E8, D4, 71, EF, FF, 8B, 0D, A0, A5, 51, 00, 8B, 09, B2, 01, A1, 38, 3E, 4C, 00, E8, D0, F2, F4, FF, 8B, 15, 94, A6, 51, 00, 89, 02, A1, A0, A5, 51, 00, 8B, 00, E8, D4, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, B2, 01, E8, 6E, A9, F5, FF, 8B, 0D, 78, A3, 51, 00, A1, A0, A5, 51, 00, 8B, 00, 8B, 15, F0, 1D, 50, 00, E8, C6, 8A, F5, FF, A1, A0, A5, 51, 00, 8B, 00, E8, F2, 8B, F5, FF, E8, 29, 4B, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6731

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,111,552 bytes)

The file adobe_reader_setup.exe has been seen being distributed by the following 3 URLs.

http://downloader2.downloadinfo.co/download.php?id=91111e20905e0f6e2e36c367174b3b562ed6c307&z=2&p=eyJweSI6ImRpIiwicnMiOiJzYWZlIiwicnQiOiJzZWFyY2giLCJjIjoiaW4iLCJvIjoid2luOCIsImIiOiJjaDMyIiwidV9pZCI6ImRpXzUyZTM3ZjBjZjEzMDc1LjcyODgwNzAwIiwicGFfaWQiOiIyIiwic3RfaWQiOiIwIiwic3BfaWQiOiIwMDAwLTAwMDAiLCJ0cyI6MTM5MDY0MDkwOSwia3ciOiJhZG9iZSByZWFkZXJzIiwiY3UiOiJhZG9iZSByZWFkZXJzIiwiY2EiOm51bGx9

http://dls.downloadinfo.co/.../adobe_reader_setup.exe

http://downloader2.downloadinfo.co/download.php?id=91111e20905e0f6e2e36c367174b3b562ed6c307&z=2&p=eyJweSI6ImRpIiwicnMiOiJzYWZlIiwicnQiOiJzZWFyY2giLCJjIjoidXMiLCJvIjoid2luOCIsImIiOiJjaDMxIiwidV9pZCI6ImRpXzUyYTcwNzhiYmNhOWY4Ljg0NjU2MjgyIiwicGFfaWQiOiIyIiwic3RfaWQiOiIwIiwic3BfaWQiOiIwMDAwLTAwMDAiLCJ0cyI6MTM4NjY3ODE1NSwia3ciOiJhZG9iZXJlYWRlciIsImN1IjoiYWRvYmVyZWFkZXIiLCJjYSI6bnVsbH0=

Remove adobe_reader_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.