adobeflash.exe

Adobe Acrobat Reader DC

The executable adobeflash.exe, “Adobe Acrobat Reader DC”, has been detected as malware by 31 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named adobeflash, triggered to execute each time a user logs in. The file has been seen being downloaded from downloadwww32.adrive.com.

Publisher:
Adobe Systems Incorporated*  (Invalid match)

Product:
Adobe Acrobat Reader DC

Description:
Adobe Acrobat Reader DC

Version:
15.9.20077.160923

MD5:
4237cb2af49b18c061140ba971a185b4

SHA-1:
c17cc01aa1a4dd9020a2aaf5366326c4fd2d4534

SHA-256:
79662b515a362cfbe6a9cd639776b8aecd3cf8f6c191d9f4e4a85a2d5470362b

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
5/3/2024 1:42:43 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2928104 | 384 |
| Agnitum Outpost | Backdoor.Androm | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/FCN.140610 | 2016.01.17 |
| Avira AntiVirus | TR/Dropper.MSIL.32501 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D2CADE8 | 1.0.0.642 |
| avast! | Win32:Malware-gen | 2014.9-160117 |
| AVG | MSIL9 | 2017.0.2862 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.16117 |
| Bitdefender | Trojan.GenericKD.2928104 | 1.0.20.85 |
| Comodo Security | UnclassifiedMalware | 23978 |
| Dr.Web | Trojan.DownLoader18.13144 | 9.0.1.017 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2928104 | 8.16.01.17.02 |
| ESET NOD32 | MSIL/Injector.MZV (variant) | 10.12880 |
| Fortinet FortiGate | MSIL/Injector.MYT!tr | 1/17/2016 |
| F-Secure | Trojan.GenericKD.2928104 | 11.2016-17-01_1 |
| G Data | Trojan.GenericKD.2928104 | 16.1.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18450 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.804 |
| McAfee | RDN/Generic BackDoor | 5600.6518 |
| Microsoft Security Essentials | VirTool:MSIL/Injector.IH | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.2928104 | 17.0.0.51 |
| NANO AntiVirus | Trojan.Win32.DownLoader18.dzhlyr | 1.0.14.5380 |
| nProtect | Trojan.GenericKD.2928104 | 16.01.15.02 |
| Panda Antivirus | Trj/CI.A | 16.01.17.02 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Quick Heal | TrojanPWS.ZBot | 1.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00XC0ELL15 | 10.465.17 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46558 |
| Zillya! Antivirus | Backdoor.Androm.Win32.31246 | 2.0.0.2615 |

File size:
528 KB (540,672 bytes)

Product version:
15.9.20077.160923

Copyright:
Copyright 1984-2015 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroRd32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\680624\adobeflash.exe

File PE Metadata
Compilation timestamp:
12/15/2015 8:20:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:BIHKgdsFYznK7RtvEWkc5YtjACPysCtM1990k6w00SLiEXgnQiKo4+Y:BIHKgEYznKdtvEWkyupxZ00SLicCy

Entry address:
0x58615

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.0789

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
348 KB (356,352 bytes)

Scheduled Task
Task name:
adobeflash

Trigger:
Logon (Runs on logon)


The file adobeflash.exe has been seen being distributed by the following URL.
