keygen.exe

The application keygen.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from docviewer.yandex.com and multiple other hosts.

MD5: 15780f08163c1ca15ff7ab3b7768ad84
SHA-1: feae3a5baffa5bc8386cf346269eb86c0b700aa6
SHA-256: 33fd35f4c21e6253ed547ce1bc37e28d3173a542eb7be2ab5cff660b77e0389b
Scanner detections: 30 / 68
Status: Potentially unwanted
Analysis date: 11/23/2024 9:32:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.6906603 | 1138 |
| Agnitum Outpost | Trojan.Packed | 7.1.1 |
| AhnLab V3 Security | Unwanted/Win32.Keygen | 2013.12.23 |
| Avira AntiVirus | TR/Offend.6906603.1 | 7.11.121.86 |
| AVG | Win32/Blacked | 2014.0.3616 |
| Bitdefender | Trojan.Generic.6906603 | 1.0.20.1785 |
| Bkav FE | W32.Clod7dd.Trojan | 1.3.0.4613 |
| Clam AntiVirus | W32.Hacktool.Crack.Sony | 0.98/18355 |
| Comodo Security | UnclassifiedMalware | 17483 |
| Emsisoft Anti-Malware | Trojan.Generic.6906603 | 8.13.12.23.03 |
| ESET NOD32 | Win32/Keygen.HU (variant) | 7.9190 |
| Fortinet FortiGate | PossibleThreat | 12/23/2013 |
| F-Prot | W32/SuspPack.DX.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.6906603 | 11.2013-23-12_2 |
| G Data | Trojan.Generic.6906603 | 13.12.22 |
| IKARUS anti.virus | not-a-virus.Keygen.SonyVegasPro10 | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10588 |
| Malwarebytes | RiskWare.Tool.CK | v2013.12.23.03 |
| McAfee | Artemis!15780F08163C | 5600.7272 |
| Microsoft Security Essentials | | 1.165.247.01 |
| MicroWorld eScan | Trojan.Generic.6906603 | 14.0.0.1071 |
| Norman | Suspicious_Gen2.EHICP | 11.20131223 |
| nProtect | Backdoor/W32.Agent.2691584 | 13.12.22.01 |
| Panda Antivirus | Generic Malware | 13.12.23.03 |
| Rising Antivirus | PE:Trojan.Win32.Generic.124E7527!307131687 | 23.00.65.131221 |
| Sophos | Mal/VMProtBad-A | 4.96 |
| Total Defense | Win32/keygen.AC | 37.0.10655 |
| Trend Micro | CRCK_KEYGEN | 10.465.23 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 24644 |
| ViRobot | JS.A.Iframe.2691584 | 2011.4.7.4223 |

File size: 2.6 MB (2,691,584 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\parche for sony vegas - mraxr\parche for sony vegas pro 10 - mraxr\keygen.exe

File PE Metadata

Compilation timestamp: 10/16/2010 6:40:26 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 49152:rR/lWhuBhlQdcPqTw8OUk2Uq6NpUqCkaGxhOertABQvfwDCG2J:JlWs7lsFTwnUk2WCqyertABQHyo
Entry address: 0x53BFC1

Entry point:
E8, 2B, 1E, E3, FF, 84, 85, B6, FD, 4C, 2C, 75, 56, 8C, 19, E5, 12, 43, F7, B4, DA, FE, 29, E1, 08, B2, 66, AF, 4F, B6, 4A, 30, AE, B6, E9, 55, 22, DC, 45, 2B, 7C, 6C, 0C, E6, A1, 0A, F0, 96, D2, 82, EA, F6, 4F, A9, C9, AF, 81, E6, 7C, 37, A5, 9B, A2, 04, A5, E4, 36, F6, E1, 51, 36, 59, 7B, 27, 8C, 36, A8, F4, B6, E1, E8, 8B, 88, E2, 9B, 75, D2, 79, BF, 83, 17, 77, FA, 6E, A0, A7, 78, C9, 4B, 86, 10, BC, E3, 9E, C3, 77, 1C, 71, ED, 2C, D1, 3B, FA, 71, DB, 01, 57, 12, C1, E4, 13, C6, EB, 0E, B1, EC, 1E, C9...
 

Code size: 5.4 MB (5,639,680 bytes)

The file keygen.exe has been seen being distributed by the following 10 URLs.

