» keygen.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

keygen.exe

The executable keygen.exe has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. This file is typically installed with the program SAP2000 16 by Computers and Structures, Inc.. The file has been seen being downloaded from dc391.4shared.com.

File name:

keygen.exe

MD5:

f318998e2cc38f2489a116b93650294f

SHA-1:

74a996c068b326f1dd959eb5c9e3409a21ef568f

SHA-256:

7ef38e5e2945b887511e732df07b615af2b0b277ff144cb5f531f3f220776c4e

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

11/17/2024 5:38:25 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.RP.hDW@aipSpYi

902

Agnitum Outpost

Trojan.Black

7.1.1

Avira AntiVirus

TR/Black.Gen2

7.11.162.136

avast!

Win32:Malware-gen

2014.9-140816

AVG

Win32/Blacked

2015.0.3380

Baidu Antivirus

Trojan.Win32.VMProtect

4.0.3.14816

Bitdefender

Gen:Trojan.Heur.RP.hDW@aipSpYi

1.0.20.1140

Bkav FE

W32.Clod7d3.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

18880

Emsisoft Anti-Malware

Gen:Trojan.Heur.RP.hDW@aipSpYi

8.14.08.16.02

ESET NOD32

Win32/Keygen.JK

8.10115

Fortinet FortiGate

W32/VMProtBad.A

8/16/2014

F-Secure

Gen:Trojan.Heur.RP.hDW@aipSpYi

11.2014-16-08_7

G Data

Gen:Trojan.Heur.RP.hDW@aipSpYi

14.8.24

IKARUS anti.virus

Trojan.Win32.Spy

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.180.12763

McAfee

Artemis!F318998E2CC3

5600.7036

MicroWorld eScan

Gen:Trojan.Heur.RP.hDW@aipSpYi

15.0.0.684

NANO AntiVirus

Trojan.Win32.RP.czxiqi

0.28.2.60881

Norman

Troj_Generic.QVULS

11.20140816

Sophos

Mal/VMProtBad-A

4.98

Trend Micro House Call

CRCK_KEYGEN

7.2.228

Trend Micro

CRCK_KEYGEN

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

31364

File size:

1.1 MB (1,174,016 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\computers and structures\etabs 2013\keygen.exe

File PE Metadata

Compilation timestamp:

11/2/2013 4:07:11 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

24576:OdDqoCwo2GaYvHFrAxgNNmAMEzdulxvEhezjlddA5//:OgwoXaYhx3PdcvJ3lddA5//

Entry address:

0x210B2F

Entry point:

68, 2F, 82, 56, 32, C7, 04, 24, A0, FF, 8A, EA, 9C, C7, 04, 24, FD, 98, E3, 2F, 60, 9C, C6, 04, 24, 25, 8D, 64, 24, 24, E9, 7F, 84, 05, 00, F9, 89, 2C, 24, 85, D2, 66, 89, 7C, 24, 04, 54, 60, 8D, 64, 24, 2C, 0F, 84, 61, CE, FF, FF, C0, ED, 05, 01, C2, 66, 0F, BD, C9, D0, D1, 8B, 4E, 7C, F8, F9, 0F, BA, E5, 0B, 01, D1, 60, 88, 24, 24, 38, E0, 9C, 89, 4D, F0, A8, D0, 8B, 4D, 0C, 89, 0C, 24, 60, 81, F9, FF, FF, 00, 00, 88, 64, 24, 04, 8D, 64, 24, 44, 0F, 86, 23, EF, FF, FF, E9, 51, 7F, FF, FF, F2, 2C, 28, 06... 
[+]

Entropy:

7.9106 (probably packed)

Code size:

241 KB (246,784 bytes)

The file keygen.exe has been discovered within the following program.

SAP2000 16 by Computers and Structures, Inc.

www.csiamerica.com

About 1% of users remove it

The file keygen.exe has been seen being distributed by the following URL.

http://dc391.4shared.com/download/.../csi_kg.exe

Remove keygen.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.