Acad.exe Trojan Heuristic Analysis

Technical Analysis

File Name acad.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.230.174
Database Version 2025-12-08 00:00:17 UTC

Trojan.Heur!.00046033

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
Detection Rate N/A
File Size (bytes) 5,881,688
Analysis Date 2025-12-08

File Identification

Hash Type Value
MD5 abca736d357e5bd124b28447d011777f
SHA1 c0aefc23b71c096656e61c79097494124b7078db
SHA256 db98869b1052a7b4970953ce30cf59a77d7d981b0c34833095d35075ee395ac3
SHA512 20a7d93f17fcc366d1e511276ecba091d73c5af0fbf247d08c00a441703031a63dfe3852173998e77b444c45f8a8878ade6532b366be4ae7cbd96a6e5563e934
ImpHash 3f3449750b4b802c42901bf07021c0b2

PE Analysis

Basic Information

Icon
Hash: 87808d802a53bfea096070300e542189
Fuzzy: 4b5d0bc7cb753409c30d6776bf17e27f
dHash: cab2b2e2ca9760e0
Image Base 0x140000000
Entry Point 0x140091fe4
Compilation Time 2025-10-23 03:13:15
Checksum 0x0059d965 (Actual: 0x0059ffd8)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path U:\develop\global\Release64\bin\acad\acadlock.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 23 libraries
Exports 707 functions
Resources 37 Resources
Sections 8 Sections

Version Information

LegalCopyright Copyright 2025 Autodesk, Inc. All rights reserved.
BuildVersion W.164.0.0
CompanyName Autodesk, Inc.
FileDescription AutoCAD Application
FileVersion R25.1.164.0.0
InternalName AutoCAD
OriginalFilename ACAD.EXE
ProductName AutoCAD
ProductVersion R25.1.164.0.0
Translation 0x0000 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 3,497,273 bytes 3,497,472 bytes 6.38 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D2670CA2A8EC83783910983F776592CC
ACAD_STA 0x00357000 190 bytes 512 bytes 2.42 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 00EE722C82406B1B2D3CC102C3075ED4
.rdata 0x00358000 1,627,884 bytes 1,628,160 bytes 5.23 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 04712914E3723641BD800A957BDD611D
.data 0x004e6000 188,428 bytes 106,496 bytes 4.41 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F4C24FCD765B4A46DF7BB8E012AE707E
.pdata 0x00515000 183,672 bytes 183,808 bytes 6.38 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 15D5BE285777437850F3CA8F0DC37DC7
.acMemLo 0x00542000 16 bytes 512 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BF619EAC0CDF3F68D496EA9344137E8B
.rsrc 0x00543000 344,448 bytes 344,576 bytes 4.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9AC2FFA2D936D29EB718D26E1DBA83A9
.reloc 0x00598000 108,320 bytes 108,544 bytes 5.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2A05DFA3942DBFF4328D4FC6250BDD27

Resource Analysis

Total Resources: 37 (342,485 bytes)
Resource Type Count Total Size Percentage
RT_ICON 26 339,487 bytes 99.1%
RT_STRING 2 338 bytes 0.1%
RT_GROUP_ICON 7 406 bytes 0.1%
RT_VERSION 1 836 bytes 0.2%
RT_MANIFEST 1 1,418 bytes 0.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified. Exercise caution when executing unsigned files from unknown sources.

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00046033 Removal

Gridinsoft can identify and remove Trojan.Heur!.00046033 without further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
