reader_sl.exe

The executable reader_sl.exe has been detected as malware by 11 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Adobe System Incorporated’. Both names are lookalikes: the genuine Adobe Reader speed launcher is also called reader_sl.exe, but it lives in the Adobe Reader installation directory under Program Files rather than in a randomly named .tmp directory under the user's temp folder, and the real vendor name is ‘Adobe Systems Incorporated’ (with an s). Of the detections listed below, Kaspersky (Worm.Win32.Ngrbot) and F-Prot (W32/Dorkbot.T.gen) name the Dorkbot/NgrBot worm family; the others are generic or heuristic names (Kryptik, Malware-gen, Artemis, HEUR) that mostly indicate a packed or obfuscated executable rather than a specific family.
MD5:
552bc98a9125b0717234275c9fb7aac4

SHA-1:
798c2dff77e03a3c8526caad426833674d1b9476

SHA-256:
59a17e9ee655ab1a93116e2a87ae4edf1a8370a1194423140a2d45724d461d36

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/18/2024 10:52:30 PM UTC

Scan engine               Detection                       Engine version
Avira AntiVirus           TR/Crypt.Xpack.42773            7.11.144.32
avast!                    Win32:Malware-gen               2014.9-140418
Baidu Antivirus           Trojan.Win32.Kryptik            4.0.3.14418
ESET NOD32                Win32/Kryptik.CACR (variant)    8.9692
F-Prot                    W32/Dorkbot.T.gen               v6.4.7.1.166
K7 AntiVirus              Trojan                          13.176.11806
Kaspersky                 Worm.Win32.Ngrbot               14.0.0.3999
Malwarebytes              Trojan.Agent.ED                 v2014.04.18.03
McAfee                    Artemis!552BC98A9125            5600.7157
Qihoo 360 Security        HEUR/Malware.QVM10.Gen          1.0.0.1015
Trend Micro House Call    TROJ_GEN.F47V0417               7.2.108

File size:
184.5 KB (188,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\reader_sl.exe

File PE Metadata
Compilation timestamp:
4/17/2014 8:55:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:jKwmyQykwQ+SFlm2QtRJq+aX6UuAdwayOOO/KSRCwKqnYpLSC:jFmOs+vtRJckXO/TR5/nYZSC

Entry address:
0xF6F1

Entry point:
E8, 89, 18, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 00, 7A, 41, 00, E8, 89, 16, 00, 00, 33, FF, 89, 7D, E4, 33, C0, 8B, 75, 0C, 3B, F7, 0F, 95, C0, 3B, C7, 75, 18, E8, 61, 1C, 00, 00, C7, 00, 16, 00, 00, 00, E8, 04, 1C, 00, 00, 83, C8, FF, E9, B4, 00, 00, 00, 56, E8, 96, 01, 00, 00, 59, 89, 7D, FC, F6, 46, 0C, 40, 75, 6F, 56, E8, 36, 1A, 00, 00, 59, 83, F8, FF, 74, 1B, 83, F8, FE, 74, 16, 8B, D0, C1, FA, 05, 8B, C8, 83, E1, 1F, C1, E1, 06, 03, 0C, 95, 80, BF, 41, 00, EB, 05, B9, 98, 92, 41, 00, F6, 41, 24...
 

Entropy:
6.8360

Code size:
82.5 KB (84,480 bytes)
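The entry-point dump above can be read directly: the first instruction is an E8 call rel32 and the second an E9 jmp rel32, and each target is the RVA of the following instruction plus the little-endian signed displacement. The script below is an added example, not code from this page or from Reason Core Security; it resolves those two targets from the listed entry address and bytes. Reading the call/jmp pair as a Visual C++ CRT entry stub (linker version 9.0 corresponds to Visual Studio 2008) is an assumption made here, not something the page states.

```python
"""Decode the call/jmp targets at the start of the entry-point byte dump."""
import struct

# From the page: entry RVA and the first bytes of the "Entry point" dump.
ENTRY_RVA = 0xF6F1
ENTRY_DUMP = "E8, 89, 18, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 00, 7A, 41, 00, E8, 89, 16, 00, 00"


def parse_dump(dump: str) -> bytes:
    """Turn the page's 'AA, BB, CC...' listing into bytes; a trailing '...' is dropped."""
    out = []
    for tok in dump.split(","):
        tok = tok.strip().rstrip(".")
        if tok:
            out.append(int(tok, 16))
    return bytes(out)


def decode_transfers(code: bytes, base_rva: int) -> list:
    """Linear sweep that decodes only the three relative control-transfer opcodes
    (E8 call rel32, E9 jmp rel32, EB jmp rel8). Targets are RVAs: the displacement
    is added to the RVA of the *next* instruction. The sweep stops at the first
    unconditional jmp, or at any opcode whose length it does not know, because
    sizing arbitrary x86 instructions needs a real disassembler."""
    found = []
    i = 0
    while i < len(code):
        op = code[i]
        if op == 0xE8 and i + 5 <= len(code):
            rel = struct.unpack_from("<i", code, i + 1)[0]
            found.append((base_rva + i, "call", base_rva + i + 5 + rel))
            i += 5
        elif op == 0xE9 and i + 5 <= len(code):
            rel = struct.unpack_from("<i", code, i + 1)[0]
            found.append((base_rva + i, "jmp", base_rva + i + 5 + rel))
            break
        elif op == 0xEB and i + 2 <= len(code):
            rel = struct.unpack_from("<b", code, i + 1)[0]
            found.append((base_rva + i, "jmp short", base_rva + i + 2 + rel))
            break
        else:
            break
    return found


def looks_like_msvc_crt_stub(transfers: list) -> bool:
    """Heuristic (an assumption, not stated on the page): 'call X; jmp Y' as the first
    two instructions is the shape the Visual C++ 2008 CRT entry emits (call
    __security_init_cookie, then jmp to the real startup routine). Seeing it suggests
    the binary at entry is an ordinary MSVC-built executable, so the interesting code
    is reached through the CRT startup rather than sitting at the entry point."""
    return (len(transfers) >= 2 and transfers[0][1] == "call"
            and transfers[1][1] == "jmp" and transfers[1][0] == transfers[0][0] + 5)


if __name__ == "__main__":
    for rva, mnemonic, target in decode_transfers(parse_dump(ENTRY_DUMP), ENTRY_RVA):
        print(f"{rva:#07x}: {mnemonic:<9} -> {target:#07x}")
```

Run as-is it prints the call target 0x10F7F and the jmp target 0xF584; both are RVAs, so add the image base from the PE optional header (not listed on the page) to get virtual addresses.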

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe System Incorporated

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\reader_sl.exe
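A host-side check for this persistence, as an added example that is not code from this page or from Reason Core Security: it parses a .reg export of the current user's Run key, flags entries that launch reader_sl.exe from a randomly named .tmp directory under %TEMP% or that use the listed display name, and compares a file's hashes against the ones above. The .reg text, the user name and the .tmp directory name are constructed for the demonstration; on a real host you would run `reg export "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg` and feed that file in.

```python
"""Triage HKCU Run entries against the reader_sl.exe indicators listed on this page."""
import hashlib
import re

# Indicators taken from the page.
IOC_HASHES = {
    "md5": "552bc98a9125b0717234275c9fb7aac4",
    "sha1": "798c2dff77e03a3c8526caad426833674d1b9476",
    "sha256": "59a17e9ee655ab1a93116e2a87ae4edf1a8370a1194423140a2d45724d461d36",
}
IOC_RUN_NAME = "Adobe System Incorporated"
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# %TEMP%\{random}.tmp\reader_sl.exe, as given under "Common path".
IOC_PATH_RE = re.compile(r"\\appdata\\local\\temp\\[^\\]+\.tmp\\reader_sl\.exe$", re.IGNORECASE)

# Constructed sample of what `reg export` of the Run key would look like on an
# infected host. User name and .tmp directory name are made up; the OneDrive line is
# a benign entry included to show that it is not flagged.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe System Incorporated"="C:\\Users\\alice\\AppData\\Local\\Temp\\3f9a1c.tmp\\reader_sl.exe"
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
'''


def _unescape(value: str) -> str:
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", value)


def parse_reg_strings(text: str) -> dict:
    """Parse REG_SZ values from a .reg export into {key_path: {name: value}}.
    Only quoted string values are handled; hex(...) binary values are skipped."""
    keys, current = {}, None
    line_re = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := line_re.match(line)):
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def executable_path(command: str) -> str:
    """Program path from a Run command: the quoted path, or text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_run_entries(reg_text: str) -> list:
    """Return (name, path, reasons) for Run entries matching the page's indicators."""
    findings = []
    for name, command in parse_reg_strings(reg_text).get(RUN_KEY, {}).items():
        path = executable_path(command)
        reasons = []
        if IOC_PATH_RE.search(path):
            reasons.append("reader_sl.exe launched from %TEMP%\\{random}.tmp, not from the Adobe Reader install directory")
        if name == IOC_RUN_NAME:
            reasons.append("display name is the listed lookalike of 'Adobe Systems Incorporated'")
        if reasons:
            findings.append((name, path, reasons))
    return findings


def hash_matches(data: bytes) -> set:
    """Which of the page's hashes the given file bytes match (empty set: not this sample)."""
    return {alg for alg, h in IOC_HASHES.items() if getattr(hashlib, alg)(data).hexdigest() == h}


if __name__ == "__main__":
    for name, path, reasons in triage_run_entries(SAMPLE_REG):
        print(f"[!] {name!r} -> {path}")
        for reason in reasons:
            print("    -", reason)
```

`reg export` writes UTF-16LE with a BOM, so open the real export with `encoding="utf-16"` before passing it to `triage_run_entries`; then read the flagged file's bytes and call `hash_matches` to confirm whether it is this exact sample or a repacked sibling (same path and name, different hashes), which the hash check alone would miss.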


Powered by Reason Core Security