Autocad2010update2x64.exe Trojan Miner Analysis
| Online Virus Checker | v.1.0.158.174 |
| DB Version: | 2024-02-04 11:00:38 |
Trojan.Win64.Miner.cld
Miner is a type of malware that harnesses the victim's computer resources, primarily CPU and RAM, to engage in cryptocurrency mining, such as for Monero or Zcash. This malware establishes persistence by integrating an open-source mining tool into the system's startup routine without the user's consent. Advanced miners often employ techniques like timer configurations or CPU usage limits to operate discreetly and avoid detection.
| File | autocad2010update2x64.exe |
| Checked | 2024-02-04 09:35:29 |
| MD5 | 205f8ad8840d26edc31f08bd56af33ae |
| SHA1 | 643b00cf7a56b1187769773a3770422ff7315eea |
| SHA256 | 6097ca42b9c0a3779ce7acb0ece2ad6ad6b4d5e07923a331aaef584540008eb9 |
| SHA512 | 4de01dac6b4bd45d5613241b35b842784930913abe6f179ef861b6ffb5161cd61827843a2dff87be89abe164c9c2b1fb038bbada1c8987228b9405d61a613419 |
| Imphash | 6ed91d6f1cc234e9e45a83e1de99b415 |
| File Size | 43104480 bytes |
Trojan.Win64.Miner.cld Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win64.Miner.cld without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Signers
| VeriSign, Inc. (US) | |
| VeriSign Class 3 Code Signing 2009-2 CA | Autodesk, Inc (US) |
| Verification | Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z |
File Version Information
| Comments | Autodesk, Inc. |
| CompanyName | Autodesk, Inc. |
| FileDescription | Autodesk SP. |
| FileVersion | 18.0.309.0.0 |
| InternalName | SP.EXE |
| LegalCopyright | Copyright (c) 1982-2009 by Autodesk, Inc. |
| OriginalFilename | SP.exe |
| ProductName | SP |
| ProductVersion | 18.0.309.0.0 |
| Translation | 0x0409 0x04b0 |
Portable Executable Info
| Image Base: | 0x140000000 |
| Entry Point: | 0x140008a70 |
| Compilation: | 2010-04-19 10:56:13 |
| Checksum: | 0x02920db2 (Actual: 0x02920db2) |
| OS Version: | 5.2 |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z |
| Sections: | 6 |
| Imports: | msi, KERNEL32, USER32, SHELL32, |
| Exports: | 0 |
| Resources: | 31 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000155b6 | 0x00015600 | 13bf99f92841a587cd80d4f2b8b8629f | 6.35 |
| .rdata | 0x00017000 | 0x00005876 | 0x00005a00 | 6fe82219883b76463d35bd4061729b7f | 4.90 |
| .data | 0x0001d000 | 0x00003850 | 0x00001800 | 81e4256577d2f96247e9bd6c46214c5e | 2.02 |
| .pdata | 0x00021000 | 0x000014ac | 0x00001600 | e9777fb3d8e4b3b970ee2176a60e3f90 | 4.84 |
| .rsrc | 0x00023000 | 0x028fb5c8 | 0x028fb600 | e6071d0d98fb288f78d834a01046f3ee | 7.95 |
| .reloc | 0x0291f000 | 0x000012e4 | 0x00001400 | 90303c9a6c30c4836e5c30e2af6d0836 | 0.99 |
