reader_sl.exe

Adobe Acrobat

Adobe Systems Incorporated

The executable reader_sl.exe, “Adobe Acrobat SpeedLauncher”, has been detected as malware by 33 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Adobe Reader Speed Launcher’. The file is infected by an entry-point obscuring polymorphic file infector which creates a peer-to-peer botnet and receives URLs of additional files to download.

Publisher:
Adobe Systems Incorporated

Product:
Adobe Acrobat

Description:
Adobe Acrobat SpeedLauncher

Version:
9.2.0.124

MD5:
c3948e4fa336b27e748f3144f83f07fa

SHA-1:
d84ec148cc4ea68728689df23d000478d85ffdd7

SHA-256:
ef48d24fa810c7b28818c3bedb9ddc5676204627748d09f7902dd5edbedf3a9c

Scanner detections:
33 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 12:02:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.4 | 865 |
| Avira AntiVirus | TR/Patched.Gen | 7.11.30.172 |
| avast! | Win32:Sector | 140908-2 |
| AVG | Win32/Sality | 2014.0.4015 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.14922 |
| Bitdefender | Win32.Sality.4 | 1.0.20.1325 |
| Bkav FE | W32.Sality.PE | 1.3.0.4959 |
| Comodo Security | Virus.Win32.Sality.Gen | 19585 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 14.09.22 |
| ESET NOD32 | Win32/Sality.NDR virus | 7.0.302.0 |
| F-Prot | W32/Virut.AI!Generic | 4.6.5.141 |
| F-Secure | Win32.Sality.4 | 11.2014-22-09_2 |
| G Data | Win32.Sality | 14.9.24 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Decay | t3scan.1.7.8.0 |
| K7 AntiVirus | Virus | 13.183.13451 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.494 |
| McAfee | W32/Sality.gen.z | 5600.6999 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.769.0 |
| MicroWorld eScan | Win32.Sality.4 | 15.0.0.795 |
| NANO AntiVirus | Virus.Win32.Virut-Gen.bwpxnc | 0.28.2.62286 |
| Norman | Sality.ZHB | 11.20140922 |
| nProtect | Win32.Sality.4 | 14.09.22.01 |
| Panda Antivirus | W32/Sality.AA | 14.09.22.02 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.V | 9.14.14.00 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14920 |
| Sophos | Mal/Behav-321 | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11194 |
| Trend Micro House Call | PE_SALITY.RS | 7.2.265 |
| Trend Micro | PE_SALITY.RS | 10.465.22 |
| Vba32 AntiVirus | Malware-Cryptor.General.3 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4819585 | 33120 |

File size:
118.9 KB (121,712 bytes)

Product version:
9.2.0.124

Copyright:
Copyright 1984-2009 Adobe Systems Incorporated and its licensors. All rights reserved.

Original file name:
AcroSpeedLaunch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe

File PE Metadata
Compilation timestamp:
10/3/2009 2:38:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:pzmauE8UOhWmHHmZ0wJc8wn6pwn0Klv/Ytt8:pzmrMOhm0wNU6pwn0KV/YA

Entry address:
0x3E34

Entry point:
C6, C3, E0, 33, F7, 42, 51, FF, CF, 5D, 88, FB, F7, C2, 09, B9, D7, AA, E8, DD, 00, 00, 00, F6, D3, 2A, D3, 2D, 74, A3, E1, 24, F7, C0, 02, 0A, 73, 0F, F7, C1, 7F, 48, 39, 95, 21, E8, 0F, BE, C4, 8D, 05, 8A, C7, 02, E3, BA, A4, 54, 00, 00, 80, C0, 1F, 81, F2, 80, 16, 00, 00, 09, C0, 81, EA, 5E, 00, 00, 00, 30, DC, 8B, DA, 86, F0, 81, C3, 2A, 8A, 00, 00, 84, F4, 8D, 15, 35, E1, 08, D0, 8D, 05, 80, 05, 70, 5F, 86, E4, 8A, C7, BA, B0, 32, 00, 00, F7, C2, D6, A7, 9B, 99, 81, F2, 1F, 37, 00, 00, 25, 34, 6C, 91...
 

Entropy:
7.6750

Code size:
14 KB (14,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Adobe Reader Speed Launcher

Command:
"C:\Program Files\adobe\reader 9.0\reader\reader_sl.exe"

