adobeafr.exe

Project1

.

The executable adobeafr.exe has been detected as malware by 7 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local machine Run registry key) under the name ‘AdobeAFR’.

Publisher:
.

Product:
Project1

Version:
1.00

MD5:
6469e52cb3c92a3305aba3c7866a5a7f

SHA-1:
2d8b747a67d4858d0ce1186fb99478c4bee4de4f

SHA-256:
73c32a0def787822a30c078ffa43da5a6dc8c4c5f7d1e215a466c58b6879a28a

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/4/2024 4:11:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | Win.Trojan.Mepaow-10 | 0.98/23207 |
| Dr.Web | Trojan.DownLoader5.4057 | 9.0.1.05190 |
| ESET NOD32 | Win32/VB.SCL trojan | 6.3.12010.0 |
| F-Prot | W32/VB.EX.gen | 4.6.5.141 |
| F-Secure | Variant.Symmi.3509 | 5.16.24 |
| Kaspersky | Trojan.Win32.Mepaow | 15.0.2.529 |
| Microsoft Security Essentials | Backdoor:Win32/Blohi.A | 1.237.1169.0 |

File size:
1.1 MB (1,163,578 bytes)

Product version:
1.00

Original file name:
Install.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\microsoft activesyncs\adobeafr.exe

File PE Metadata
Compilation timestamp:
3/17/2011 5:11:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x295C

Entry point:
68, 90, 2E, B9, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 20, 21, 22, 71, 12, C7, DE, 4F, AD, 10, 1A, 09, 62, 7D, 92, 76, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 02, 41, FB, F8, 47, ED, 89, 8C, 4D, 8F, 20, DB, 6F, E6, 60, 90, E1, D8, 23, 19, 2B, A5, 65, 60, 48, 8C, 31, 22, B6, 10, 46, 18, 60, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
Entropy:
6.4511

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
776 KB (794,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AdobeAFR

Command:
C:\Program Files\microsoft activesyncs\adobeafr.exe

