RecoverKeys.exe

Recover Keys

ONE UP LTD.

The executable RecoverKeys.exe, “Tool for getting installed software keys” has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
ONE UP LTD.  (signed and verified)

Product:
Recover Keys

Description:
Tool for getting installed software keys

Version:
7.0.3.86

MD5:
0fb4344e468d3e91c06faa798e640e52

SHA-1:
0205541a86b9d257e4c9364b451ceab4fb124850

SHA-256:
140c06398c8562ca1d5c05e8790cbfb281533b99c0cc3ca4fa243a52bba642cf

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 7:41:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win64.Generic
16.11.21.2

File size:
17.9 MB (18,797,920 bytes)

Product version:
7.0.3.86

Copyright:
© ONE UP LTD. All rights reserved.

Original file name:
RecoverKeys.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\recover keys\recoverkeys.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
4/25/2013 3:33:03 PM

Valid to:
4/25/2016 3:33:03 PM

Subject:
CN=ONE UP LTD., O=ONE UP LTD., L=LEMESOS, S=LEMESOS, C=CY

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041ABD63CA5DA9

File PE Metadata
Compilation timestamp:
9/30/2013 2:32:15 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:tnKxR+tXjdOgK+fx49250PDmGkdBZn6hS:sCw+fajKpZn64

Entry address:
0xD37230

Entry point:
55, 48, 83, EC, 30, 48, 8B, EC, 48, C7, 45, 28, 00, 00, 00, 00, 48, C7, 45, 20, 00, 00, 00, 00, 90, 48, 8D, 0D, E8, 5C, FE, FF, E8, EB, CE, 2D, FF, 90, 48, 8D, 4D, 20, C7, C2, 01, 00, 00, 00, E8, 7B, F2, 2C, FF, 48, 8D, 4D, 28, 48, 8B, 55, 20, E8, BE, 65, 2F, FF, 48, 8B, 4D, 28, 48, 8D, 15, DF, 00, 00, 00, E8, 2E, 82, 2D, FF, 48, 8B, 0D, 9F, 49, 15, 00, 85, C0, 0F, 94, C0, 88, 01, 48, 8B, 05, 71, 59, 15, 00, 48, 8B, 08, E8, C1, BC, 49, FF, 48, 8B, 05, 62, 59, 15, 00, 48, 8B, 08, 48, 8D, 15, C8, 00, 00, 00...
 
[+]

Code size:
13.2 MB (13,853,696 bytes)

Remove RecoverKeys.exe - Powered by Reason Core Security