home

keygen-fff.exe

The application keygen-fff.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cs01.peoplefiles.me.
MD5:
13b6311eb7401a310c81b460bf8d9048

SHA-1:
a68399a4f4d3cae2ce35664e3b69eadaf3d2e6c6

SHA-256:
6c50d1522b8fc7529bb17d1286625708c3d9db5073e9f5d83012a3923c02540a

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:46:09 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Backdoor.Agent
7.1.1

AhnLab V3 Security
Win-Trojan/Xema.variant
2014.10.22

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.180.138

AVG
BackDoor.Generic14
2015.0.3288

Bkav FE
W32.Clodab6.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
19871

ESET NOD32
Win32/Keygen.AI (variant)
8.10601

Fortinet FortiGate
W32/Malware_fam.NB
11/17/2014

F-Prot
W32/Backdoor2.DXNI
v6.4.7.1.166

G Data
Win32.Trojan.Agent.7AQSQ7
14.11.24

IKARUS anti.virus
not-a-virus.Patch.winrar
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.184.13741

Malwarebytes
Trojan.Agent
v2014.11.17.04

McAfee
Artemis!13B6311EB740
5600.6944

Norman
Hacktool.A!genr
11.20141117

nProtect
Trojan/W32.Agent.224819
14.10.21.01

Rising Antivirus
PE:Trojan.Win32.Generic.140ABA28!336247336
23.00.65.141115

Sophos
Troj/Agent-ACMK
4.98

Total Defense
Win32/Cracker.AR
37.0.11242

VIPRE Antivirus
Trojan.Win32.Generic
34142

ViRobot
Trojan.Win32.Agent.224819
2011.4.7.4223

XVirus List
Win32.Detected
2.11.17

File size:
219.5 KB (224,819 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winrar 5.00 beta 8 [x86-x64].multi4.[esp,eng,rus,swed]+keygen\english\keygen\keygen-fff.exe

File PE Metadata
Compilation timestamp:
2/24/2009 6:03:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:yOznr5QBO4J7Zw2i+qoPiR8Tfm3kkgKRbnWBe+Ssjc:Rznr6OK6NoqR8Tfm3kk1R6dSsjc

Entry address:
0x5C000

Entry point:
E8, 24, 00, 00, 00, 8B, 4C, 24, 0C, C7, 01, 17, 90, 01, 90, C7, 81, 90, 90, 90, 90, 90, 90, 90, 31, C0, 89, 41, 14, 89, 41, 18, 80, A1, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, BA, A9, 94, 40, 00, FF, E2...
 
[+]

Entropy:
7.9939

Packer / compiler:
EXECryptor v1.3.0.45

Code size:
99.5 KB (101,888 bytes)

The file keygen-fff.exe has been seen being distributed by the following URL.

http://cs01.peoplefiles.me/f/085223111048144103137101024091173088165062068243120128/1430848701/35302522/0/.../KeyGen_WRAR_ALL-spaces_ru-spaces.ru.exe

Remove keygen-fff.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.