keygen.exe

The executable keygen.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from docs.google.com and multiple other hosts.
MD5: 882edee4cc71806190ca43993e8b2eb5
SHA-1: a87658d31340ea5cdfb4bb690aa93791b1a17d54
SHA-256: ebf01507abfd5eba4aeb8d235aa36a0d1b7ab177f87576f37a4e0d47dec5cd58

Scanner detections: 8 / 68
Status: Malware
Analysis date: 12/26/2024 11:55:14 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | W32.W.Otwycal | 2.1.4+
avast! | Win32:Malware-gen | 2014.9-160321
ESET NOD32 | Win32/Keygen.PE potentially unsafe application | 6.3.12010.0
F-Secure | Trojan.Generic.16170321 | 5.15.96
McAfee | Artemis!882EDEE4CC71 | 5600.6453
Microsoft Security Essentials | Unknown | 1.237.42.0
Sophos | Keygen (PUA) | 4.98
SUPERAntiSpyware | HackTool/Gen-KeyGen | 9251

File size: 376 KB (385,024 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\keygen.exe

File PE Metadata
Compilation timestamp: 3/15/2016 4:30:12 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 6144:yvWyBzx+L6oudngpAQsUrOFICLZpv748izovmOt9RJkT4ryL4ltvDy:yu4zgudngpAQjg/LHv99Ju4ryL4LD
Entry address: 0xBE5F0
Entry point: 60, BE, 00, 10, 47, 00, 8D, BE, 00, 00, F9, FF, C7, 87, 8C, C7, 07, 00, FC, 06, 8D, 56, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
Packer / compiler: UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub
Code size: 312 KB (319,488 bytes)

The file keygen.exe has been seen being distributed by the following 20 URLs.
