» keygen.exe
Overview
Analysis
File Details
Downloads (11)

keygen.exe

The application keygen.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dl-web.dropbox.com and multiple other hosts.

File name:

keygen.exe

MD5:

f330aa9230a65eb0482ff74c084d73e2

SHA-1:

df89f5f51d4941fb2d23e07583ca71aa0ca78248

SHA-256:

1c25b23b78586d4a66aef9950ea00235663e333f6f619c35896ad580e794ec34

Scanner detections:

21 / 68

Status:

Potentially unwanted

Analysis date:

11/9/2024 12:55:49 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Keygen

7.1.1

Avira AntiVirus

SPR/Tool.Keygen.1844

7.11.138.84

AVG

Generic29

2015.0.3528

Bkav FE

W32.Clod9f3.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

17969

ESET NOD32

Win32/Keygen.AU (variant)

8.9574

Fortinet FortiGate

W32/Keygen.DS!tr

3/21/2014

IKARUS anti.virus

not-a-virus.Keygen.Corel

t3scan.2.2.29

K7 AntiVirus

Trojan

13.176.11524

Malwarebytes

RiskWare.Tool.HCK

v2014.03.21.08

McAfee

Generic.grp!ia

5600.7184

Microsoft Security Essentials

HackTool:Win32/Keygen

1.10401

NANO AntiVirus

Trojan.Win32.XPACK.cufemy

0.28.0.58491

Norman

Suspicious_Gen4.XFFT

11.20140321

Panda Antivirus

Generic Trojan

14.03.21.08

Quick Heal

HackTool.Keygen (Not a Virus)

3.14.12.00

Rising Antivirus

PE:Trojan.Win32.Generic.12BCC9AA!314362282

23.00.65.14319

Sophos

Troj/Keygen-DS

4.98

Trend Micro House Call

HKTL_KEYGEN

7.2.80

Trend Micro

HKTL_KEYGEN

10.465.21

VIPRE Antivirus

Trojan.Win32.Generic.pak!cobra

27610

File size:

212 KB (217,088 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:E5iCnQtqr0R6P0v/kN73SprdrGuNfsx8ly0P619z/IECFm:E5iCQM04P6kz8rF/e9btCY

Entry address:

0x257D8

Entry point:

B8, 5C, 97, 47, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 32, EC, 7E, F5, EF, 6D, C4, 49, 1C, 2D, 8F, 68, 3C, 39, 72, 2A, 5F, AE, D0, 6C, 3F, 98, C8, 64, 14, 1C, F5, 9C, 34, CA, D3, 80, C4, 17, DD, 54, 04, 90, 6E, C9, 27, 3A, 81, 36, EA, 38, BC, 1E, 62, CC, 16, 55, 46, ED, 25, 40, 9B, 42, EC, 4D, D0, 2D, A0, E8, 61, 33, 12, 3B, 5C, 8D, 5C, E8, 77, 5C, BB, 35, C1, 9B, 55, 80, B9, D6, A0, 42, B6, 0E, 85, B2, 1E, EF, A6, 64, 72... 
[+]

Packer / compiler:

PECompact v2

Code size:

146.5 KB (150,016 bytes)

The file keygen.exe has been seen being distributed by the following 11 URLs.

https://dl-web.dropbox.com/.../CorelDraw _X6_keygen.exe

https://mega.nz/persistent/.../jxgGyA5T

http://dla.uloz.to/Ps;Hs;fid=19482720;cid=1129833588;rid=441154453;up=0;uip=49.48.251.38;tm=1452517054;ut=f;aff=ulozto.cz;did=ulozto-cz;He;ch=1b8d965f9c2d7515feb8a5f764deed82;Pe/.../keygen-exe?bD&c=1129833588&De

https://doc-0c-84-docs.googleusercontent.com/docs/securesc/3ebo2s2ibp823o2dt0tg8gm56ivt0oo9/alnujrjgr1lvehll4skjsi751csbp6bs/1465740000000/.../07460849047552088238/0B5lVui2PPfLANW5VZHlXTGMyNjQ?e=download

http://s3419.minhateca.com.br/File.aspx?e=ydflGf4n6TDZTNRwCQI-uX6UftG-BljK61AvAq3wlT0GPqdvRgKr0PW2Wqop2WWffOvtE5TbmQtVrhGa07MfoPUiid8LTUK3kuxjHj_bdAVc_OPW1aRndXb-4WYCf3Hat6-24-61EHZauSN0WiAtaw&pv=2

https://mega.nz/temporary/.../edVXTASZ

https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/h7neoq5dfqkh7qdvf5ml809dce28f6el/j7lq3dm0ov6l0ootj8clg9ncaebpjjec/1464012000000/.../11087253741433306112/0B8NT9Z0eiUMPemxxa2pnWHdCYTQ?e=download

temp:keygen.exe

about:internet

http://freecache15-free.uloz.to/Ps;Hs;fid=19482720;cid=692978139;rid=799047796;up=0;uip=109.15.105.77;tm=1389488756;ut=f;aff=ulozto.cz;did=ulozto-cz;He;ch=b92b7e3b86a64e320e0113e1c13b373e;Pe/.../keygen.exe

http://dla.uloz.to/Ps;Hs;fid=19482720;cid=692978139;rid=799047796;up=0;uip=109.15.105.77;tm=1389488756;ut=f;aff=ulozto.cz;did=ulozto-cz;He;ch=b92b7e3b86a64e320e0113e1c13b373e;Pe/.../keygen.exe

Remove keygen.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.