Autocad2010update2x64.exe Trojan Miner Analysis

Trojan Miner

Updated on 2024-02-04 (11 months ago)

Online Virus Checker	v.1.0.158.174
DB Version:	2024-02-04 11:00:38

Trojan.Win64.Miner.cld

Miner is a type of malware that harnesses the victim's computer resources, primarily CPU and RAM, to engage in cryptocurrency mining, such as for Monero or Zcash. This malware establishes persistence by integrating an open-source mining tool into the system's startup routine without the user's consent. Advanced miners often employ techniques like timer configurations or CPU usage limits to operate discreetly and avoid detection.

File	autocad2010update2x64.exe
Checked	2024-02-04 09:35:29
MD5	205f8ad8840d26edc31f08bd56af33ae
SHA1	643b00cf7a56b1187769773a3770422ff7315eea
SHA256	6097ca42b9c0a3779ce7acb0ece2ad6ad6b4d5e07923a331aaef584540008eb9
SHA512	4de01dac6b4bd45d5613241b35b842784930913abe6f179ef861b6ffb5161cd61827843a2dff87be89abe164c9c2b1fb038bbada1c8987228b9405d61a613419
Imphash	6ed91d6f1cc234e9e45a83e1de99b415
File Size	43104480 bytes

Trojan.Win64.Miner.cld Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.Miner.cld without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

Signers

	VeriSign, Inc. (US)
VeriSign Class 3 Code Signing 2009-2 CA	Autodesk, Inc (US)
Verification	Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z

File Version Information

Comments	Autodesk, Inc.
CompanyName	Autodesk, Inc.
FileDescription	Autodesk SP.
FileVersion	18.0.309.0.0
InternalName	SP.EXE
LegalCopyright	Copyright (c) 1982-2009 by Autodesk, Inc.
OriginalFilename	SP.exe
ProductName	SP
ProductVersion	18.0.309.0.0
Translation	0x0409 0x04b0

Portable Executable Info

Image Base:	0x140000000
Entry Point:	0x140008a70
Compilation:	2010-04-19 10:56:13
Checksum:	0x02920db2 (Actual: 0x02920db2)
OS Version:	5.2
PEiD:	PE32+ executable (GUI) x86-64, for MS Windows
Sign:	Chain verification from CN=Autodesk\, Inc, OU=Design Solutions Group, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Autodesk\, Inc, L=San Rafael, ST=California, C=US (serial:46926037903300280469636714148227324347, sha1:f652b1ed7f969543ca88a919dd11c806bf26f573) failed: The path could not be validated because intermediate certificate 1 expired 2019-05-20 23:59:59Z
Sections:	6
Imports:	msi, KERNEL32, USER32, SHELL32,
Exports:	0
Resources:	31

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
.text	0x00001000	0x000155b6	0x00015600	13bf99f92841a587cd80d4f2b8b8629f	6.35
.rdata	0x00017000	0x00005876	0x00005a00	6fe82219883b76463d35bd4061729b7f	4.90
.data	0x0001d000	0x00003850	0x00001800	81e4256577d2f96247e9bd6c46214c5e	2.02
.pdata	0x00021000	0x000014ac	0x00001600	e9777fb3d8e4b3b970ee2176a60e3f90	4.84
.rsrc	0x00023000	0x028fb5c8	0x028fb600	e6071d0d98fb288f78d834a01046f3ee	7.95
.reloc	0x0291f000	0x000012e4	0x00001400	90303c9a6c30c4836e5c30e2af6d0836	0.99

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

5 4 3 2 1