SHA256: 69dd4ee09c7aaef9ca09df6b6d18652cd83f75bf639d091b87ad3b71ec383068
File name: AutoCad_Keygen.exe
Detection ratio: 43 / 55
Analysis date: 2016-06-24 00:25:59 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware MemScan:Trojan.Generic.8188344 20160624
AegisLab Memscan.Troj.Generic!c 20160623
AhnLab-V3 Trojan/Win32.Suspicious.N634292874 20160623
ALYac MemScan:Trojan.Generic.8188344 20160624
Antiy-AVL Trojan[Downloader:HEUR]/Win32.Unknown 20160624
Arcabit Trojan.Generic.D7CF1B8 20160624
Avast Win32:GenMaliciousA-NJF [PUP] 20160624
AVG Generic5.KYT 20160623
Avira (no cloud) TR/Injector.SR 20160624
AVware Trojan.Win32.Generic.pak!cobra 20160624
Baidu-International Adware.Win32.Kraddare.FK 20160614
BitDefender MemScan:Trojan.Generic.8188344 20160624
Bkav W32.ChapinetF.Trojan 20160623
Comodo UnclassifiedMalware 20160624
DrWeb Trojan.DownLoader6.61971 20160623
Emsisoft MemScan:Trojan.Generic.8188344 (B) 20160623
ESET-NOD32 a variant of Win32/Adware.Kraddare.FK 20160624
F-Secure MemScan:Trojan.Generic.8188344 20160623
Fortinet W32/SPNR.08HT12!tr 20160623
GData MemScan:Trojan.Generic.8188344 20160623
Ikarus Win32.Malware 20160623
Jiangmin TrojanDownloader.Generic.acxi 20160623
K7AntiVirus Riskware ( 0015e4f11 ) 20160623
K7GW Riskware ( 0015e4f11 ) 20160623
Kingsoft Win32.Troj.Undef.(kcloud) 20160624
Malwarebytes Adware.KorAd 20160623
McAfee Generic Downloader.g 20160623
McAfee-GW-Edition Generic Downloader.g 20160623
eScan MemScan:Trojan.Generic.8188344 20160623
NANO-Antivirus Trojan.Win32.Injector.xxiyf 20160624
nProtect Trojan/W32.Agent.211376 20160623
Panda Generic Malware 20160623
Qihoo-360 Win32/Trojan.Downloader.9f4 20160624
Sophos AV Generic PUA FM (PUA) 20160623
Symantec SecurityRisk.Downldr 20160624
Tencent Win32.Trojan.Falsesign.Eaxg 20160624
TrendMicro ADW_KRADDARE 20160624
TrendMicro-HouseCall ADW_KRADDARE 20160624
VBA32 suspected of Trojan.Downloader.gen.h 20160623
VIPRE Trojan.Win32.Generic.pak!cobra 20160624
ViRobot Trojan.Win32.S.Downloader.211376[h] 20160623
Yandex Adware.Kraddare!JgjX33mXj/Q 20160621
Zillya Adware.Kraddare.Win32.1077 20160623
Alibaba 20160623
Baidu 20160623
CAT-QuickHeal 20160623
ClamAV 20160623
CMC 20160620
Cyren 20160624
F-Prot 20160623
Kaspersky 20160623
Microsoft 20160623
SUPERAntiSpyware 20160624
TheHacker 20160621
Zoner 20160623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signers
[+] corenet
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 1:00 AM 10/5/2011
Valid to 12:59 AM 10/5/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint DDA1AD3495910F67CECE42406A83B88A2C64305D
Serial number 61 A6 56 76 7E 65 5D 18 59 C3 E6 CC 86 32 D6 5A
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 1:00 AM 11/17/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-14 00:53:46
Entry Point 0x0001011A
Number of sections 5
PE sections
Overlays
MD5 dd43956e0c471b4e6c5ded4e46f920d6
File type data
Offset 207360
Size 4016
Entropy 7.41
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
GetFileTitleA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GlobalLock
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantClear
VariantInit
ShellExecuteExA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
DrawTextA
GetCapture
DrawTextExA
GetWindowThreadProcessId
SetMenu
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
KOREAN 4
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:08:14 01:53:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 136704
LinkerVersion 9.0
EntryPoint 0x1011a
InitializedDataSize 69632
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 81dcce38934fce193bbbbb536a948473
SHA1 5c3ae89cef6142e41987af11aae23dd3accd456d
SHA256 69dd4ee09c7aaef9ca09df6b6d18652cd83f75bf639d091b87ad3b71ec383068
ssdeep 3072:kcmWXDpEqgg8A/l9swqVlxe33tFtSw1T/jV5znv1hejGLYQy/oa3J:kczGpB8l9sw+lxS3AwFLzvLe6LG/bJ

authentihash 637f0e7e9b70ff708b3709c4793daa520fab3b8b77e636fdc1c294b8c10725b8
imphash 0ea797fcaa3ea9bb505b223116190743
File size 206.4 KB ( 211376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2012-08-14 05:45:31 UTC ( 5 years, 3 months ago )
Last submission 2016-06-24 00:25:59 UTC ( 1 year, 4 months ago )
File names 4.exe
NRD-2.4_W2.exe
81DCCE38934FCE193BBBBB536A948473 - download3.php{.exe}
Adobe_flashplayer10.htm
Desktop_Game.exe
download3.php@n=ChaosOne.exe
5a2ed3b178e24b8e87ca5100eaca6533
vt-upload-LWwiq
iFun_Box.exe
AutoCad_Keygen.exe
81dcce38934fce193bbbbb536a948473.exe
net_framework_setup.exe
minecraft_v1_0.exe
apk_pont.exe
desktop_game.exe
kakaotalk_pc.exe
autocad_keygen.exe
hwp_2010.exe
81dcce38934fce193bbbbb536a948473
ChaosOne.exe
_Window_7_Crack.exe
MineCraft_v1_0.exe
Elder_5_Skyrim.exe
DaumPot_Encoder.exe
Kakaotalk_pc.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
