xf-adsk2016_x64.exe

The application xf-adsk2016_x64.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from docviewer.yandex.com and multiple other hosts.
MD5:
57c4ea10ebec721058068e05461feb88

SHA-1:
3b86b8e3e2b3b2c5b1b958136df5569c41652cae

SHA-256:
e362d19ceff298f378a884bf44b0b3978813d24309c0f0a200d1f82c72611ebd

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:04:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Keygen.OX potentially unsafe application | 6.3.12010.0 |
| IKARUS anti.virus | possible-Threat.Patch.XForce | t3scan.1.8.9.0 |
| Malwarebytes | RiskWare.Tool.HCK | v2015.05.07.09 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1028.0 |
| Qihoo 360 Security | HEUR/QVM18.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro House Call | Suspicious_GEN.F47V0314 | 7.2.95 |

File size:
301 KB (308,224 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
3/11/2015 8:11:45 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:SuDLg9neBdrOOuoOjtqAMuVVv0067bngK0MQNZrl4oSj:D3g9eBJOLn85kl0063gvhr6oSj

Entry address:
0xDCCD0

Entry point:
60, BE, 00, 50, 49, 00, 8D, BE, 00, C0, F6, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 0C, A9, 0D, 00, 57, 83, C3, 04, 53, 68, C2, 7C, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
Entropy:
7.9736  (probably packed)

Code size:
292 KB (299,008 bytes)

The file xf-adsk2016_x64.exe has been seen being distributed by the following 29 URLs.

