autocad-en.exe

autocad-en

Download Assistant

The executable autocad-en.exe has been detected as malware by 11 anti-virus scanners. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from download.download-405.com.
Publisher:
Download Assistant

Product:
autocad-en

Version:
3.0.0.130

MD5:
11b1604a78a886f533c1631b20293cae

SHA-1:
890517495ce8d8a7d6805cdc54a302e9011bb3f3

SHA-256:
df5c02e2cc2c30f3cc3bf8c2b6f4e1aabbb74ba6a404089874295d8bedbc540f

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 12:35:02 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160327-1
AVG | Win32/Sality | 2015.0.4355
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.96
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.2433.0
Norman | Win32.Sality.3 | 02.04.2016 17:35:19

File size:
1.2 MB (1,206,224 bytes)

Product version:
3.0.0.130

Copyright:
(c) Download Assistant

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\autocad-en.exe

File PE Metadata
Compilation timestamp:
1/30/2013 6:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:/xGbDOAtQwrG3YjRMdP73SyTqDU4VwSRxc75YOXidxsX65jEL:IuY3G3hdz3SyTe/yidxsX6VG

Entry address:
0x113BC

Entry point:
F3, C6, C5, D4, 81, CA, 79, 31, FD, 1A, 68, E9, 88, F0, 00, 52, 8A, CC, 87, DB, 22, E7, 0F, AF, D9, F3, 45, 6B, C0, 00, 4A, 8A, F5, 38, EE, 81, FA, 49, C6, 00, 00, 77, 0A, 22, F5, F7, C2, A6, CD, 6D, B2, 89, D1, 89, FD, 69, F9, 48, E2, 9D, E9, 05, 7A, 2B, 03, 00, 75, 06, F7, C3, E5, 2C, DE, 6B, 2D, 79, 2B, 03, 00, F3, 30, DD, 29, DB, FE, CF, 0F, AF, F7, 80, D1, AB, 8D, 35, D5, AC, FC, C8, 3D, 3C, 05, 00, 00, 0F, 82, B1, FF, FF, FF, C6, C3, A0, 8A, EE, E8, 45, 00, 00, 00, FF, C9, 0F, B7, DD, BF, 7E, 35, B6...
 

Entropy:
7.0510

Code size:
65.5 KB (67,072 bytes)

The file autocad-en.exe has been seen being distributed by the following URL.
