windowtabs_2013_5_23_keygen.exe

The application windowtabs_2013_5_23_keygen.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.keygen-0day.ws.
Version:
1.4.7.9

MD5:
1bc1ae218bed618ad99a4b9bb5e401b8

SHA-1:
a5e8474f188501da57b5e60a14f798f85ea72af3

SHA-256:
5370a9d3b163effc20437e95c7189c08cc695e0e5998c4e4fc55f0fd03c310c3

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 10:53:50 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12368261
694

Avira AntiVirus
TR/Agent.766446
7.11.198.192

avast!
Win32:Malware-gen
2014.9-150312

AVG
Win32/Cryptor
2016.0.3172

Baidu Antivirus
Trojan.Win32.Yakes
4.0.3.15312

Bitdefender
Trojan.Generic.12368261
1.0.20.355

Emsisoft Anti-Malware
Trojan.Generic.12368261
8.15.03.12.02

ESET NOD32
Win32/Kryptik.CTJY (variant)
9.10947

Fortinet FortiGate
W32/Yakes.CTFR!tr
3/12/2015

F-Secure
Adware.Eorezo.BZ
5.13.68

G Data
Trojan.Generic.12368261
15.3.24

IKARUS anti.virus
Trojan.Win32.Yakes
t3scan.1.8.5.0

K7 AntiVirus
Trojan
13.188.14496

Kaspersky
Trojan.Win32.Yakes
15.0.0.543

Malwarebytes
Trojan.Agent.MS
v2015.03.12.02

McAfee
Artemis!1BC1AE218BED
5600.6828

MicroWorld eScan
Trojan.Generic.12368261
16.0.0.213

NANO AntiVirus
Trojan.Win32.Yakes.dkofmz
0.30.0.64448

Norman
Kryptik.CEST
11.20150312

nProtect
Trojan.Generic.12368261
14.12.30.01

Panda Antivirus
Generic Suspicious
15.03.12.02

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.141215

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Yakes
10173

Trend Micro House Call
Suspicious_GEN.F47V1217
7.2.71

VIPRE Antivirus
Trojan.Win32.Generic
36236

File size:
748.5 KB (766,446 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windowtabs_2013_5_23_keygen.exe

File PE Metadata
Compilation timestamp:
12/25/2013 9:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:nE1P+Me9Ep1NGnjM96AeDGiHhgoiXOpo3RjL3wHu7aABZuUvMunyOUgvCa:nEV+R9EzNGng1eDrgoi+p8IuusZMfBgn

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 
[+]

Entropy:
7.9866

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file windowtabs_2013_5_23_keygen.exe has been seen being distributed by the following URL.

Remove windowtabs_2013_5_23_keygen.exe - Powered by Reason Core Security