
Is "AcroRd32.dll" malicious?

New Here, Aug 11, 2025

Many anti-virus vendors detected this file as malicious.

Please refer to the link below:

https://www.virustotal.com/gui/file/57ae938b20bf8eb70b2464b6bb8c6b4230ab308e2aff9b270de9930d1454b07a

 

Is this really a malicious file, or a false positive?

 

Thanks in advance

TOPICS
PDF , Standards and accessibility
New Here, Aug 11, 2025

The file location is C:\programdata\adobe\update\

Community Expert, Aug 12, 2025

@practical_Coconut0214 honestly, I cannot definitively tell you if the file is malicious or a false positive! I don't want to click on it if it is! To get the most accurate information, please review the results on the VirusTotal page directly. The site provides a detailed breakdown of the file's detection ratio and the specific security vendors that flagged it, which can help you determine the nature of the file.

New Here, Aug 12, 2025

Appreciate your reply!!

This URL just links to the VirusTotal scan result; there isn't any file download 🙂

According to them, 27 vendors have flagged this file as malicious, but I'm not sure whether this is really malware or just a false positive.

Community Expert, Aug 12, 2025

@practical_Coconut0214 really? 27 vendors have flagged this file as malicious—what does that say? It's malicious!

New Here, Aug 12, 2025

Yes, I agree, we can simply determine that this is malicious.

But a lot of major AV vendors such as Symantec, Kaspersky, Palo Alto... have not flagged this file (they show "Undetected").

That's why I posted this question; I'd like to know whether this file is normally mis-detected by AV engines or not.

Adobe Employee, Aug 12, 2025

Hi @practical_Coconut0214

 

Thanks for reaching out, and sorry for the troubled experience. 

Before we look into this issue, would you please help us with the following information:

 

1. When did you install Reader on your machine?

2. Where did you download the Reader app from - which website or webpage, please give us the link. 

3. What is the current version of Reader installed on your machine?

4. Help us with the OS name and version. 

5. Name of the AV on your machine?

With that information, we can escalate to the engineering team if necessary.



Best regards,
Tariq | Adobe Community Team

New Here, Aug 12, 2025

Thank you for your attention.

I'm not sure when we downloaded it and where it came from.

We've found that acrord32.exe created the following two files.

  - c:\programdata\log\setup.hlp
  - c:\programdata\log\log.hlp

And they are collecting keystrokes and program execution.

Is this expected behavior or not?

If not, this acrord32.exe file is modified & used by the hacker.

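One way to collect, on the affected machine, the facts this thread keeps asking for (hash, signer, timestamps, and whether the two .hlp files exist), as an added example that is not from the posters or from Adobe. The paths and the SHA-256 are the ones quoted in the posts above; the output field names are this example's own.

```powershell
# Added triage example. Read-only: it hashes and inspects files, it never runs them.
# Values below are taken from this thread; adjust for the machine under review.
$reportedSha256 = '57ae938b20bf8eb70b2464b6bb8c6b4230ab308e2aff9b270de9930d1454b07a'
$binaryDir      = 'C:\programdata\adobe\update'
$artifactFiles  = 'C:\programdata\log\setup.hlp', 'C:\programdata\log\log.hlp'

# 1. Hash and Authenticode status of every EXE/DLL in the reported folder.
#    Each file is judged on its own: a validly signed EXE says nothing
#    about the DLL sitting next to it.
$binaries = Get-ChildItem -Path $binaryDir -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' }

$report = foreach ($file in $binaries) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        Path            = $file.FullName
        Sha256          = $hash
        MatchesThread   = ($hash -eq $reportedSha256)   # same sample as the VirusTotal link?
        SignatureStatus = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        CreatedUtc      = $file.CreationTimeUtc
        LastWriteUtc    = $file.LastWriteTimeUtc
    }
}
$report | Format-List | Out-Host

# 2. The two files the thread reports being written. Record size and
#    timestamps for the incident timeline; leave the contents untouched.
$artifacts = foreach ($path in $artifactFiles) {
    if (Test-Path -LiteralPath $path) {
        Get-Item -LiteralPath $path -Force |
            Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
    }
}
$artifacts | Format-Table -AutoSize | Out-Host

# 3. One-line summary to paste into a ticket or a reply.
$unsigned = @($report | Where-Object { $_.SignatureStatus -ne 'Valid' })
$matching = @($report | Where-Object { $_.MatchesThread })
'{0} binaries checked, {1} without a valid signature, {2} matching the reported hash, {3} artifact files present' -f `
    @($report).Count, $unsigned.Count, $matching.Count, @($artifacts).Count
```

The signer, version and creation times in this output also answer most of the questions the Adobe staff ask in the posts above.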
Adobe Employee, Aug 12, 2025

Hi @practical_Coconut0214,

 

++ adding to the comments by Tariq,

 

I have a question here, too: 

Is this a recent download on your machine? 

 

The executable file is for Acrobat 9, which reached EOL in 2013, and all links to the installers were archived. I was wondering how you'd get to one such package to install on your device.


Regards,
Souvik.

New Here, Aug 12, 2025

Hi Souvik,

 

Thank you for your answer.

Actually, this is not my laptop; one of my customers reported this to me last week.

I'd just like to know whether the AcroRD32.exe file creates the files I mentioned above or not.

 

Thanks

Adobe Employee, Aug 13, 2025

Hi @practical_Coconut0214,

 

Thanks for the response.

 

I am working on this with the concerned team, and I'll get back to you as soon as I have anything concrete to share.

 

Your kind understanding and patience is highly appreciated in this.

 

Regards,

Souvik

Adobe Employee, Aug 13, 2025

Hi @practical_Coconut0214

 

 

We are still waiting to hear on the following questions:

 

1. When did you install Reader on your machine?

2. Where did you download the Reader app from - which website or webpage, please give us the link. 

3. What is the current version of Reader installed on your machine?

4. Help us with the OS name and version. 

5. Name of the AV on your machine?

With that information, we can escalate to the engineering team if necessary.

 

 

It seems your users have installed an EOL version of the product and may have downloaded it from another website, as @S.S mentioned, judging from the report. If the installer was downloaded from Adobe-owned webpages, please provide us with the link and share the above-requested information. 



Best regards,
Tariq | Adobe Community Team
