reader_sl.exe

Adobe Acrobat

Adobe Systems Incorporated

The executable reader_sl.exe, “Adobe Acrobat SpeedLauncher”, has been detected as malware by 13 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘Adobe Reader Speed Launcher’. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Adobe Systems Incorporated

Product:
Adobe Acrobat

Description:
Adobe Acrobat SpeedLauncher

Version:
9.0.0.2008061200

MD5:
a96750a132420b944d8c5c612f23698f

SHA-1:
b820ad860de13a6f5062b56beaf4462145fd2810

SHA-256:
e5a1969d6659f5632093303aeeca299a738915adb4241c8a32e70d605dbd8249

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/23/2024 4:31:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 5813571 |
| avast! | Win32:Kukacka | 160118-1 |
| AVG | Win32/Sality | 2015.0.4489 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5053.0 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| Sophos | Virus 'Mal/Sality-D' | 5.22 |
| VIPRE Antivirus | Threat.4721115 | 46830 |

File size:
101.9 KB (104,304 bytes)

Product version:
9.0.0.2008061200

Copyright:
Copyright 1984-2008 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroSpeedLaunch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe

File PE Metadata
Compilation timestamp:
6/12/2008 3:07:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:yk0JNXOeQbQbMyA5LRQX3IAJ8EJDEAxAqD:ybXOeS5LCE+QAKqD

Entry address:
0x3DA4

Entry point:
60, 18, D6, 0F, BC, ED, F6, C3, 23, 43, FE, C7, 23, D0, 81, F1, 86, 77, 1F, 63, 8A, CB, 0F, BB, FF, 39, FB, C6, C3, C6, 2B, C1, 0F, C1, FE, 8D, 2D, EF, C9, B1, 93, FF, CA, 84, E2, 42, 88, C0, 57, 68, A1, 83, AF, 00, 0F, AF, EB, 0F, AD, C2, 2A, C4, 11, FE, 49, C0, C6, 33, E8, B6, 00, 00, 00, 85, F0, 01, D9, 0F, AC, CB, 88, C1, FA, 2E, 84, EB, 81, C6, CA, 0F, 60, BB, 11, FD, 46, C0, D5, 6C, C7, C5, A7, 91, 22, 89, 0F, BC, EE, F6, D1, 0F, AC, D1, B9, 0F, AD, C1, 0F, B3, E9, F3, 0F, BC, FD, 0F, BA, EF, A2, 8D...
 

Entropy:
7.6508

Code size:
13.5 KB (13,824 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe Reader Speed Launcher

Command:
"C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe"

