---
Name: AcroRd32.exe
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
  - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
    Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
Full_Path:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
Code_Sample: []
Detection: []
Resources:
  - https://twitter.com/pabraeken/status/997997818362155008
Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken