reader_sl.exe

Adobe Acrobat

Adobe Systems Incorporated

The executable reader_sl.exe, “Adobe Acrobat SpeedLauncher”, has been detected as malware by 33 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) with the name ‘Adobe Reader Speed Launcher’. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Adobe Systems Incorporated

Product:
Adobe Acrobat

Description:
Adobe Acrobat SpeedLauncher

Version:
9.0.0.2008061200

MD5:
dde90cd93403eafc44780e7bd073038d

SHA-1:
230aab68014af6868934c9f609ffaa5e5587513e

SHA-256:
112edade72c659d8929903e02ecd0aadcebf1a327a30d20dce81580c69b2a4a5

Scanner detections:
33 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/18/2024 4:14:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 838 |
| Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2014.10.20 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 141003-0 |
| AVG | Win32/Sality | 2014.0.4040 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.141019 |
| Bitdefender | Win32.Sality.3 | 1.0.20.1460 |
| Bkav FE | W32.Sality.PE | 1.3.0.4959 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 8.14.10.19.11 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 11.2014-19-10_1 |
| G Data | Win32.Sality | 14.10.24 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.7.8.0 |
| K7 AntiVirus | Virus | 13.184.13727 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.494 |
| McAfee | W32/Sality.gen.z | 5600.6972 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.3705.0 |
| MicroWorld eScan | Win32.Sality.3 | 15.0.0.876 |
| NANO AntiVirus | Virus.Win32.Sality.yusp | 0.28.2.62671 |
| Norman | Sality.ZHB | 11.20141019 |
| nProtect | Win32.Sality.3 | 14.10.19.01 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 10.14.14.00 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11237 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.292 |
| Trend Micro | PE_SALITY.ER | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Threat.4734158 | 33706 |
| ViRobot | Win32.Sality.N | 2011.4.7.4223 |

File size:
97.9 KB (100,208 bytes)

Product version:
9.0.0.2008061200

Copyright:
Copyright 1984-2008 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroSpeedLaunch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe

File PE Metadata
Compilation timestamp:
6/12/2008 11:37:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:qk0J0pXOeQIErTCnXl2FvTGlAyIZF4zyUl:qbkOeGrmkilQZF4zyq

Entry address:
0x3DA4

Entry point:
81, E1, 1F, 6E, E3, 0D, 8B, CB, C7, C3, 6B, 24, 82, EE, C7, C5, 85, 33, A0, 2B, 3B, DB, 74, 08, 81, D1, C1, A8, DA, 7F, 8B, D8, FF, CD, 8A, C6, 34, 19, BF, C9, 2A, FF, FF, 80, DB, C9, 81, F7, 41, B8, 03, 00, F6, D3, 8D, 17, 1C, 92, 81, C2, 78, 6D, 03, 00, 73, 05, B9, CF, 24, DE, B9, 33, D6, 88, F8, 81, F9, 12, 3E, 00, 00, 77, 08, 0F, AF, FD, BD, 47, 26, 6B, C4, 71, 0D, 0F, AF, FA, 4A, 81, C8, 51, 22, 6B, 23, 8B, F8, 46, 56, 81, FE, D2, A8, 00, 00, 78, 0D, 15, A8, 89, 99, 38, 0F, AF, C5, 88, E3, 0F, AF, C1...
 

Entropy:
7.6207

Code size:
13.5 KB (13,824 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe Reader Speed Launcher

Command:
"C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe"

