Gridinsoft Logo

Autocad2010update2x64.exe Trojan Miner Analysis

Updated 1 year ago
Checked by Malware Check
autocad2010update2x64.exe

Technical Analysis

File Name autocad2010update2x64.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.158.174
Database Version 2024-02-04 11:00:38 UTC

Trojan.Win64.Miner.cld

Malware family: Miner

Miner malware exploits system resources for unauthorized cryptocurrency mining operations. It integrates into system startup processes and may implement stealth techniques to avoid detection while consuming CPU and RAM resources.
N/A
Detection Rate
43,104,480
File Size (bytes)
2024-02-04
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
205f8ad8840d26edc31f08bd56af33ae
SHA1
643b00cf7a56b1187769773a3770422ff7315eea
SHA256
6097ca42b9c0a3779ce7acb0ece2ad6ad6b4d5e07923a331aaef584540008eb9
SHA512
4de01dac6b4bd45d5613241b35b842784930913abe6f179ef861b6ffb5161cd61827843a2dff87be89abe164c9c2b1fb038bbada1c8987228b9405d61a613419
ImpHash
6ed91d6f1cc234e9e45a83e1de99b415

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140008a70
Compilation Time 2010-04-19 10:56:13
Checksum 0x02920db2 (Actual: 0x02920db2)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z
Imports 4 libraries
msi, KERNEL32, USER32, SHELL32
Exports 0 functions
Resources 31 Resources
Sections 6 Sections

Digital Signatures

VeriSign, Inc. (US)
VeriSign Class 3 Code Signing 2009-2 CA Autodesk, Inc (US)

Version Information

Comments Autodesk, Inc.
CompanyName Autodesk, Inc.
FileDescription Autodesk SP.
FileVersion 18.0.309.0.0
InternalName SP.EXE
LegalCopyright Copyright (c) 1982-2009 by Autodesk, Inc.
OriginalFilename SP.exe
ProductName SP
ProductVersion 18.0.309.0.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 87,478 bytes 87,552 bytes 6.35 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 13BF99F92841A587CD80D4F2B8B8629F
.rdata 0x00017000 22,646 bytes 23,040 bytes 4.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6FE82219883B76463D35BD4061729B7F
.data 0x0001d000 14,416 bytes 6,144 bytes 2.02 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 81E4256577D2F96247E9BD6C46214C5E
.pdata 0x00021000 5,292 bytes 5,632 bytes 4.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E9777FB3D8E4B3B970EE2176A60E3F90
.rsrc 0x00023000 42,972,616 bytes 42,972,672 bytes 7.95 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E6071D0D98FB288F78D834A01046F3EE
.reloc 0x0291f000 4,836 bytes 5,120 bytes 0.99 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 90303C9A6C30C4836E5C30E2AF6D0836
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 31 (42,971,581 bytes)
Resource Type Count Total Size Percentage
MSP 1 42,944,512 bytes
99.9%
RT_STRING 28 25,920 bytes
0.1%
RT_VERSION 1 796 bytes
0%
RT_MANIFEST 1 353 bytes
0%

Certificate Chain Analysis

Certificate #1
Subject VeriSign Class 3 Code Signing 2009-2 CA
VeriSign, Inc.
US
Issuer Unknown
Serial Number 134678584529721923331408176609551902556
Certificate #2
Subject Autodesk, Inc
Autodesk, Inc
US
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Serial Number 46926037903300280469636714148227324347
Certificate Verification Status

Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win64.Miner.cld Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.Miner.cld without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware
An unexpected error occurred. Please try again later.