keygen.exe

The executable keygen.exe has been detected as malware by 13 anti-virus scanners. The file has been observed being downloaded from comjjin.tistory.com.
MD5: a1d7eadbfce3f08b7a1b29a7c6bddc9f
SHA-1: d5e1dc5659ce4c34d0dd5a66a348a5fd0750fa0b
SHA-256: 32bb04757bc748ea408880e8239403bb911a88961ac51b7ca09f1500c1672313

Scanner detections: 13 / 68
Status: Malware
Analysis date: 11/5/2024 11:25:38 AM UTC

Scan engine             Detection                   Engine version
Avira AntiVirus         SPR/Keygen.41518            8.3.1.6
Comodo Security         UnclassifiedMalware         22164
Fortinet FortiGate      Keygen                      8/1/2016
G Data                  Win32.Trojan.Agent.ZFNUFH   16.8.25
IKARUS anti.virus       Trojan.Win32.Agent          t3scan.1.8.9.0
McAfee                  Keygen-NetBus               5600.6321
Norman                  Suspicious_Gen2.AAZXI       11.20160801
Panda Antivirus         Generic Malware             16.08.01.11
Quick Heal              (Suspicious) - DNAScan      8.16.14.00
Sophos                  Keygen                      4.98
Trend Micro House Call  PAK_Generic.001             7.2.214
Trend Micro             PAK_Generic.001             10.465.01
VIPRE Antivirus         Trojan.Win32.Generic        40340

File size: 40.5 KB (41,518 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\keygen.exe

File PE Metadata
Compilation timestamp: 10/12/2036 12:06:01 PM
OS version: 1.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 768:nlGga0ErwxvuHRhalhM9kbtAMllbMXWlpbEa9+5NKmRnt:lGv0mwxvuxhYM96+MleXMVjU50C
Entry address: 0x6BBF


Entropy: 7.5276
Packer / compiler: ASPack v1.07b
Code size: 42 KB (43,008 bytes)

The file keygen.exe has been seen being distributed by the following URL.
