{
	"id": "f9158c72-03d6-4e82-a9fa-cf9680adbdcd",
	"created_at": "2026-04-06T00:20:06.345499Z",
	"updated_at": "2026-04-10T03:20:20.467924Z",
	"deleted_at": null,
	"sha1_hash": "ce75cfcecf4e2e9188cce71911b14f0d68682773",
	"title": "Medre.A - AutoCAD worm samples",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 68332,
	"plain_text": "Medre.A - AutoCAD worm samples\r\nArchived: 2026-04-05 20:14:14 UTC\r\nMedre.A is an AutoCAD worm, written in AutoLISP, and is a very unusual piece of malware. It was\r\nESET reported Peru and neighboring countries as the target but I noticed that one of the samples'\r\n(MD5 25c7e10bb537b4265f6144f2cd7f6d95) original name is 未命名1 (Unnamed 1), so I wonder if some\r\ntargets/sources were Chinese speaking.\r\nP.S. The samples were donated by an anonymous but the original source is someone from Malwarebytes forum\r\nand I want to thank him/her (sorry don't know the name) for sharing. I hope they do not mind me posting them\r\nhere.\r\nFile information\r\nFile: 2dda8e76f8488e8cd44dd25167e91642a0b27e245848be96ef0bea2797feb40e\r\nMD5: ea04c29bc814af6d96157c1113b3806d\r\nSize: 22105\r\nFile: 7c489147ce4238ba0f9f992a7dbe7afc9e1b2ef9afd4d25e3b182d69e90e18c9\r\nMD5: 916744d1e7064a5522092f310a7c4ab0\r\nSize: 22052\r\nFile: 79baf616d2701cc26ef328cd9c13682db317932aa47efb8eb079d8af4a49e0a3\r\nMD5: 7b563740f41e495a68b70cbb22980b20\r\nSize: 12334\r\nFile: b886a58c6be03d75bf0a84ea3dc18c46aa98f6a9a5905f37661a23fd48d10232\r\nMD5: 25c7e10bb537b4265f6144f2cd7f6d95\r\nSize: 22602\r\nFile: e8e1148f7497aa546e46a45f35704ed6d9f9cb8d83d04a825aaa5ae6335d979b\r\nMD5: 73dd85951ea154fbb40c26cd259ee0b7\r\nSize: 12334\r\nhttp://contagiodump.blogspot.com/2012/06/medrea-autocad-worm-samples.html\r\nPage 1 of 10\n\nAutomatic scans\r\nSHA256: 7c489147ce4238ba0f9f992a7dbe7afc9e1b2ef9afd4d25e3b182d69e90e18c9\r\nSHA1: 023e6c7730445db2b4c777b5d9b612e902dc7f72\r\nMD5: 916744d1e7064a5522092f310a7c4ab0\r\nFile size: 21.5 KB ( 22052 bytes )\r\nFile name: 7c489147ce4238ba0f9f992a7dbe7afc9e1b2ef9afd4d25e3b182d69e90e18c9\r\nFile type: unknown\r\nDetection ratio: 8 / 42\r\nAnalysis date: 2012-06-23 08:40:10 UTC ( 1 day, 17 hours ago ) \r\nAntivirus Result Update\r\nAvast ALS:Merde-A [Wrm] 20120623\r\nBitDefender Trojan.ACAD.H 20120623\r\nComodo UnclassifiedMalware 
20120623\r\nDrWeb - 20120623\r\nEmsisoft - 20120623\r\nF-Secure Trojan.ACAD.H 20120623\r\nGData Trojan.ACAD.H 20120623\r\nMcAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.H 20120623\r\nNOD32 ACAD/Medre.A 20120622\r\nNorman Bursted.F 20120622\r\nnProtect - 20120623\r\nSUPERAntiSpyware - 20120623\r\nTrendMicro-HouseCall - 20120622\r\nAdditional information\r\nssdeep\r\n384:HwvP/eyqn0QVgxccQ5YBvuOUIEERnVvdeQRv2J:6uOUgF4\r\nTrID\r\nUnknown!\r\nFirst seen by VirusTotal\r\n2012-06-21 19:08:34 UTC ( 3 days, 6 hours ago )\r\nLast seen by VirusTotal\r\n2012-06-23 08:40:10 UTC ( 1 day, 17 hours ago )\r\nFile names (max. 25)\r\n1340366575.fc9e1b2ef9afd4d25e3b182d69e90e18c9\r\nmuestraACAD.txt\r\n7c489147ce4238ba0f9f992a7dbe7afc9e1b2ef9afd4d25e3b182d69e90e18c9\r\nfile-4134327_\r\nSHA256: 2dda8e76f8488e8cd44dd25167e91642a0b27e245848be96ef0bea2797feb40e\r\nSHA1: ffadbc944a2976982e1daf0b715478e6062c9488\r\nMD5: ea04c29bc814af6d96157c1113b3806d\r\nFile size: 21.6 KB ( 22105 bytes )\r\nFile name: account.exe\r\nFile type: unknown\r\nDetection ratio: 10 / 42\r\nAnalysis date: 2012-06-23 20:28:06 UTC ( 1 day, 5 hours ago ) \r\nAvast ALS:Merde-A [Wrm] 20120623\r\nBitDefender Trojan.ACAD.H 20120623\r\nComodo UnclassifiedMalware 20120623\r\nEmsisoft Trojan.Acad!IK 20120623\r\nF-Secure Trojan.ACAD.H 20120623\r\nGData Trojan.ACAD.H 20120623\r\nIkarus Trojan.Acad 20120623\r\nMcAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.H 20120623\r\nMicrosoft - 20120623\r\nNOD32 ACAD/Medre.A 20120622\r\nNorman Bursted.F 20120622\r\nnProtect - 20120623\r\nSUPERAntiSpyware - 20120623\r\nTrendMicro-HouseCall - 20120623\r\n384:HwvP/eyqn0QVgxccL5YBvuOIOFIIdZKyGNERnVvdeQ6v2J:buObFI6ZKRwY4\r\nTrID\r\nUnknown!\r\nFirst seen by VirusTotal\r\n2012-06-21 17:21:19 UTC ( 3 days, 8 hours ago )\r\nLast seen by 
VirusTotal\r\n2012-06-23 20:28:06 UTC ( 1 day, 5 hours ago )\r\nFile names (max. 25)\r\ndsfg.txt\r\naccount.exe\r\n2dda8e76f8488e8cd44dd25167e91642a0b27e245848be96ef0bea2797feb40e.exe\r\nfile-4134326_\r\n2dda8e76f8488e8cd44dd25167e91642a0b27e245848be96ef0bea2797feb40e\r\n1340366574.42a0b27e245848be96ef0bea2797feb40e\r\nSHA256: 79baf616d2701cc26ef328cd9c13682db317932aa47efb8eb079d8af4a49e0a3\r\nSHA1: 43ea33bedadc9bfc92c570b316b78b6fd9787f09\r\nMD5: 7b563740f41e495a68b70cbb22980b20\r\nFile size: 12.0 KB ( 12334 bytes )\r\nFile name: acad.fas\r\nFile type: unknown\r\nDetection ratio: 26 / 42\r\nAnalysis date: 2012-06-23 19:47:19 UTC ( 1 day, 5 hours ago ) \r\nAhnLab-V3 - 20120623\r\nAntiVir ACAD/Bursted.A.3 20120623\r\nAvast Other:Malware-gen [Trj] 20120623\r\nAVG ACAD/Bursted.G 20120623\r\nBitDefender Trojan.Acad.Bursted.W 20120623\r\nClamAV Worm.ACAD-1 20120623\r\nComodo UnclassifiedMalware 20120623\r\nEmsisoft Email-Worm.Acad!IK 20120623\r\nF-Secure Trojan.Acad.Bursted.W 20120623\r\nFortinet ACM/Medre.A@mm 20120623\r\nGData Trojan.Acad.Bursted.W 20120623\r\nIkarus Email-Worm.Acad 20120623\r\nKaspersky Email-Worm.Acad.Medre.a 20120623\r\nMcAfee ALS/Bursted 20120623\r\nMcAfee-GW-Edition ALS/Bursted 20120623\r\nMicrosoft Worm:ALisp/Blemfox.A 20120623\r\nNOD32 ACAD/Medre.A 20120622\r\nNorman Bursted.E 20120622\r\nnProtect Trojan.Acad.Bursted.W 20120623\r\nPanda ACAD/Medre.A.worm 20120623\r\nPCTools ALS.Bursted.B 20120623\r\nSophos AL/Bursted-AP 20120623\r\nSUPERAntiSpyware - 20120623\r\nSymantec ALS.Bursted.B 20120623\r\nTrendMicro ACM_BURSTD.LEX 20120623\r\nTrendMicro-HouseCall ACM_BURSTD.LEX 20120623\r\nVBA32 - 20120622\r\nVIPRE - 20120623\r\nViRobot I-Worm.Acad.A.Medre.12334 20120623\r\nVirusBuster Worm.Acad.Medre.A 
20120623\r\n192:9FHRKCzYIvLCUglLBvFodl+gysUbfV01T5cjjhGkfHji:9/hdKJJFobyxAYjLji\r\nTrID\r\nAutoCAD Fast-load AutoLISP (FAS4) (100.0%)\r\nFirst seen by VirusTotal\r\n2011-10-24 21:23:59 UTC ( 8 months ago )\r\nLast seen by VirusTotal\r\n2012-06-23 19:47:19 UTC ( 1 day, 5 hours ago )\r\nFile names (max. 25)\r\n79baf616d2701cc26ef328cd9c13682db317932aa47efb8eb079d8af4a49e0a3\r\nacad.fas\r\nfile-3312805_fas\r\n20120104203533acad.fas\r\nacad-fas.txt\r\ncad.fas\r\nSHA256: b886a58c6be03d75bf0a84ea3dc18c46aa98f6a9a5905f37661a23fd48d10232\r\nSHA1: f46c445f912c6d1224e22f9e6a76020d594888b9\r\nMD5: 25c7e10bb537b4265f6144f2cd7f6d95\r\nFile size: 22.1 KB ( 22602 bytes )\r\nFile name: b886a58c6be03d75bf0a84ea3dc18c46aa98f6a9a5905f37661a23fd48d10232\r\nFile type: unknown\r\nDetection ratio: 8 / 42\r\nAnalysis date: 2012-06-23 08:41:41 UTC ( 1 day, 17 hours ago ) \r\nAvast ALS:Merde-A [Wrm] 20120623\r\nBitDefender Trojan.ACAD.H 20120623\r\nComodo UnclassifiedMalware 20120623\r\nEmsisoft - 20120623\r\nF-Secure Trojan.ACAD.H 20120623\r\nGData Trojan.ACAD.H 20120623\r\nMcAfee - 20120623\r\nMcAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.H 20120623\r\nMicrosoft - 20120623\r\nNOD32 ACAD/Medre.A 20120622\r\nNorman Bursted.F 20120622\r\nnProtect - 20120623\r\nSUPERAntiSpyware - 20120623\r\nTrendMicro-HouseCall - 20120622\r\n384:HwvP/eyqn0QVgxccE5YBvuOeIbERnVvdeQ5v2J:iuOeFd4\r\nTrID\r\nUnknown!\r\nFirst seen by VirusTotal\r\n2012-06-21 17:23:36 UTC ( 3 days, 8 hours ago )\r\nLast seen by VirusTotal\r\n2012-06-23 08:41:41 UTC ( 1 day, 17 hours ago )\r\nFile names (max. 
25)\r\nb886a58c6be03d75bf0a84ea3dc18c46aa98f6a9a5905f37661a23fd48d10232\r\nfile-4134329_\r\n1340366577.46aa98f6a9a5905f37661a23fd48d10232\r\n未命名1\r\nSHA256: e8e1148f7497aa546e46a45f35704ed6d9f9cb8d83d04a825aaa5ae6335d979b\r\nSHA1: 44561e474bda129379d87750f49fd57a5d378f91\r\nMD5: 73dd85951ea154fbb40c26cd259ee0b7\r\nFile size: 12.0 KB ( 12334 bytes )\r\nFile name: e8e1148f7497aa546e46a45f35704ed6d9f9cb8d83d04a825aaa5ae6335d979b\r\nFile type: unknown\r\nDetection ratio: 17 / 42\r\nAnalysis date: 2012-06-23 08:42:46 UTC ( 1 day, 17 hours ago ) \r\nAntiy-AVL Trojan/win32.agent 20120623\r\nAvast Other:Malware-gen [Trj] 20120623\r\nBitDefender Trojan.Acad.Bursted.W 20120623\r\nComodo UnclassifiedMalware 20120623\r\nEmsisoft Worm.ALisp!IK 20120623\r\nF-Secure Trojan.Acad.Bursted.W 20120623\r\nFortinet ACM/Medre.A@mm 20120623\r\nGData Trojan.Acad.Bursted.W 20120623\r\nIkarus Worm.ALisp 20120623\r\nKaspersky Email-Worm.Acad.Medre.a 20120623\r\nMcAfee - 20120623\r\nMcAfee-GW-Edition - 20120623\r\nMicrosoft Worm:ALisp/Blemfox.gen!A 20120623\r\nNOD32 ACAD/Medre.A 20120622\r\nNorman Bursted.G 20120622\r\nnProtect - 20120623\r\nPanda ACAD/Medre.A.worm 20120622\r\nPCTools ALS.Bursted.B 20120623\r\nSUPERAntiSpyware - 20120623\r\nSymantec ALS.Bursted.B 20120623\r\nTrendMicro-HouseCall - 20120622\r\nViRobot I-Worm.Acad.A.Medre.12334.A 20120623\r\nAdditional information\r\nssdeep\r\n192:9FHRKCzYIvLCUglLBvFodl+gysUbfV01T5cjjhGkcHji:9/hdKJJFobyxAYj4ji\r\nTrID\r\nAutoCAD Fast-load AutoLISP (FAS4) (100.0%)\r\nFirst seen by VirusTotal\r\n2012-06-12 04:10:49 UTC ( 1 week, 5 days ago )\r\nLast seen by VirusTotal\r\n2012-06-23 08:42:46 UTC ( 1 day, 17 hours ago )\r\nFile names (max. 
25)\r\nfile-4134332_\r\npisurith\r\ne8e1148f7497aa546e46a45f35704ed6d9f9cb8d83d04a825aaa5ae6335d979b\r\n1340366586.d6d9f9cb8d83d04a825aaa5ae6335d979b\r\nSource: http://contagiodump.blogspot.com/2012/06/medrea-autocad-worm-samples.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/06/medrea-autocad-worm-samples.html"
	],
	"report_names": [
		"medrea-autocad-worm-samples.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434806,
	"ts_updated_at": 1775791220,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ce75cfcecf4e2e9188cce71911b14f0d68682773.pdf",
		"text": "https://archive.orkl.eu/ce75cfcecf4e2e9188cce71911b14f0d68682773.txt",
		"img": "https://archive.orkl.eu/ce75cfcecf4e2e9188cce71911b14f0d68682773.jpg"
	}
}