» adskscsrv.exe
Overview
Analysis
File Details
Behaviors (1)

adskscsrv.exe

Autodesk Licensing Service

Autodesk

The executable adskscsrv.exe, “System Level Service Utility” has been detected as malware by 37 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “Autodesk Licensing Service”. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

adskscsrv.exe

Publisher:

Autodesk

Product:

Autodesk Licensing Service

Description:

System Level Service Utility

Version:

2.70.000

MD5:

29cf27bee837e06b26d741a9051215b0

SHA-1:

f861d5835f16bf536f41f17744b54ab4d8e1c7dc

SHA-256:

473cd41d5359ce5eb579c71cac8a00ae757ca6d68f4d7812b41eaa484bd34342

Scanner detections:

37 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 7:20:18 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

5739717

Agnitum Outpost

Win32.Sality.BL

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.10.06

Avira AntiVirus

W32/Sality.AT

8.3.2.2

Arcabit

Win32.Sality.3

1.0.0.568

avast!

Win32:SaliCode

151004-0

AVG

Win32/Sality

2015.0.4355

Baidu Antivirus

Virus.Win32.Sality.$Emu

4.0.3.15106

Bitdefender

Win32.Sality.3

1.0.20.1395

Bkav FE

W32.Sality.PE

1.3.0.7237

Comodo Security

Virus.Win32.Sality.gen

23363

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

10.0.0.5366

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.14.151

G Data

Win32.Sality

15.10.25

IKARUS anti.virus

Virus.Win32.Sality

t3scan.1.9.5.0

K7 AntiVirus

Virus

13.210.17434

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.207.1371.0

MicroWorld eScan

Win32.Sality.3

16.0.0.837

NANO AntiVirus

Virus.Win32.Sality.beygb

0.30.26.3725

Norman

Win32.Sality.3

03.12.2014 13:20:04

nProtect

Virus/W32.Sality.D

15.10.05.01

Panda Antivirus

W32/Sality.AA

15.10.06.07

Quick Heal

W32.Sality.U

10.15.14.00

Rising Antivirus

PE:Virus.Sality!1.A09C[F1]

23.00.65.151004

Sophos

Virus 'Mal/Sality-D'

5.19

Total Defense

Win32/Sality.AA

37.1.62.1

Trend Micro House Call

PE_SALITY.RL

7.2.279

Trend Micro

PE_SALITY.RL

10.465.06

Vba32 AntiVirus

Virus.Win32.Sality.bakc

3.12.26.4

VIPRE Antivirus

Threat.4721115

42326

ViRobot

Win32.Sality.Gen.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.25

2.0.0.2429

File size:

144.1 KB (147,576 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\autodesk shared\service\adskscsrv.exe

File PE Metadata

Compilation timestamp:

4/6/2005 4:15:09 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

6.0

CTPH (ssdeep):

3072:WDd4fIpqLbu8SrBuTI9Uo3R1wSr5mER8yC9PWHyOmIBj0D4pr4zBGjJbyYSaE:wd4NZSrl93RBrIIC9+Tmi0DFAJbyRa

Entry address:

0x5FAF

Entry point:

69, F3, 04, 34, 8D, 25, F2, F3, 57, 87, CF, F7, C2, B7, 44, 78, 1A, 0F, AF, CB, 69, CB, 94, 5A, 87, CA, 0F, AF, C2, F7, C2, CD, 34, 5D, 19, 86, E1, 55, 0F, BE, CF, E8, 80, 00, 00, 00, 0F, AF, F7, 02, E1, 69, D5, FB, 86, 1B, F3, 3B, F9, 2B, ED, 69, D9, 95, E2, 55, 52, 0D, EE, 14, BA, 43, 8D, 05, DD, 9F, 76, 1C, 0F, AF, CE, BF, 95, C4, AE, C0, 6A, 00, 58, F2, 69, F3, D1, 23, 4B, CB, 02, CB, 2D, C0, 0D, 00, 00, F2, 88, DD, 35, E8, 08, 00, 00, 8D, 1D, BB, 54, 72, 6C, 0F, AF, CF, C7, C7, 0D, A6, A0, B7, 50, 87... 
[+]

Entropy:

7.2854

Code size:

50.5 KB (51,712 bytes)

Service

Display name:

Autodesk Licensing Service

Description:

Anchor service for Autodesk products licensed with SafeCast

Type:

Win32OwnProcess

Remove adskscsrv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.