» AdobeARM.exe
Overview
Analysis
File Details
Behaviors (1)

AdobeARM.exe

Adobe Reader and Acrobat Manager

Adobe Systems, Incorporated

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Adobe ARM’.

File name:

AdobeARM.exe

Publisher:

Adobe Systems Incorporated (signed by Adobe Systems, Incorporated)

Product:

Adobe Reader and Acrobat Manager

Version:

1.801.10.4720

MD5:

9a1d63bee2601480ec3afb8440b73653

SHA-1:

7bd0d85c34b1767f24984746a1cd9a51d7cc3952

SHA-256:

63ea338018656f9ffdadca22f431737e2ce5dc0408ba96b72e9f5677dd8b0c79

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 4:12:34 AM UTC (today)

File size:

997.2 KB (1,021,128 bytes)

Product version:

1.801.10.4720

Original file name:

AdobeARM.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\adobe\arm\1.0\adobearm.exe

Digital Signature

Signed by:

Adobe Systems, Incorporated

Authority:

Symantec Corporation

Valid from:

7/30/2013 7:00:00 AM

Valid to:

7/26/2015 6:59:59 AM

Subject:

CN="Adobe Systems, Incorporated", OU=AcrobatXI, O="Adobe Systems, Incorporated", L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

75FB51C8768EF6927BF41DA1A234A1D9

File PE Metadata

Compilation timestamp:

11/21/2014 1:03:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:/dzFuqW7mmusNTu9An4SrnDPgM7yCNtON0eFd:/dzFuqUmS8SfyCN4+eFd

Entry address:

0x4514D

Entry point:

E8, 95, 7A, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 50, 7D, 49, 00, 75, 02, F3, C3, E9, 17, 7B, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 6F, 2D, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, F7, 21, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, B0, 08, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, CF, 0D, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73... 
[+]

Code size:

388 KB (397,312 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Adobe ARM

Command:

"C:\Program Files\common files\adobe\arm\1.0\adobearm.exe"

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.