WinKeyFinder173.exe

WinKeyFinder

The executable WinKeyFinder173.exe, “Displays Windows 7, Vista, XP/2003/200/.NET/98/ME/95 Product Keys, allows The user to Change The Product Key of WinXP/2003 and MS Office”, has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from s7718.chomikuj.pl and multiple other hosts.

Publisher:
WinKeyFinder

Product:
WinKeyFinder

Description:
Displays Windows 7, Vista, XP/2003/200/.NET/98/ME/95 Product Keys, allows The user to Change The Product Key of WinXP/2003 and MS Office

Version:
1.07.0003

MD5:
55ef0cbb5f61846404494d1560892287

SHA-1:
e7cf62f01140de2c680d313f5a61d92857c2c155

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/28/2024 7:46:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/KeyFind.A | 7.11.135.164 |
| Dr.Web | Trojan.VbCrypt.86 | 9.0.1.080 |
| IKARUS anti.virus | possible-Threat.KeyFind | t3scan.2.2.29 |
| McAfee | Artemis!55EF0CBB5F61 | 5600.7185 |

File size:
252 KB (258,048 bytes)

Product version:
1.07.0003

Copyright:
Visit http://www.winkeyfinder.com for more info about Copy Rights!

Trademarks:
WinKeyFinder.com

Original file name:
WinKeyFinder173.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\mig\pulpit\downloads\winkeyfinder173.exe

File PE Metadata
Compilation timestamp:
3/9/2010 10:15:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:iafDfPW94DflC1vJHXzh8egd0/2A4wm8b:iMbxYB3zhAGv4wT

Entry address:
0x3044

Entry point:
68, 60, AA, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 2E, 85, 96, A2, CA, A5, C3, 40, B3, 90, CE, 6D, 15, A8, 16, 27, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, FD, 00, 00, 00, 00, 00, 57, 69, 6E, 4B, 65, 79, 46, 69, 6E, 64, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 65, DB, 4D, E2, 13, CB, C4, C2, 47, B6, 51, 30, 7B, 18, 5B, E0, 1A, D4, E1, 45, 74, 55, 63, F9, 4D, A3, 7E, 55, F1, AD, 41, B3, 69, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
220 KB (225,280 bytes)

The file WinKeyFinder173.exe has been seen being distributed by the following 5 URLs.