» WinProductKey.exe
Overview
Analysis
File Details

WinProductKey.exe

Windows Activation Key Viewer

Ultimate Systems

The executable WinProductKey.exe has been detected as malware by 4 anti-virus scanners.

File name:

WinProductKey.exe

Publisher:

Ultimate Systems (signed and verified)

Product:

Windows Activation Key Viewer

Description:

WinProductKey

Version:

1.1.0.1

MD5:

aee05924b52a157c578c51ba4813748c

SHA-1:

854d8a3a56e194aa064860fa1350968d91c1cb45

SHA-256:

dd6d3d57ff148839b514cffe6ef27f757fb595051213c4229423eff6796f999a

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

11/23/2024 9:17:19 PM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Win32.Floxif

11.5.0.6191

ESET NOD32

Win32/Floxif.H virus

8.0.319.0

Norman

Win32.Floxif.A

19.05.2016 01:04:49

VIPRE Antivirus

Threat.4760052

50516

File size:

3.3 MB (3,499,535 bytes)

Product version:

1.1.0.1

Original file name:

WinProductKey.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\winproductkey\winproductkey.exe

Digital Signature

Signed by:

Ultimate Systems

Authority:

COMODO CA Limited

Valid from:

2/11/2015 12:00:00 AM

Valid to:

2/11/2016 11:59:59 PM

Subject:

CN=Ultimate Systems, O=Ultimate Systems, STREET="Intr. Ioan Vasii, Bl. C8, Ap.4", L=Timisoara, S=Timis, PostalCode=300133, C=RO

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

11EB064F748B3729B48E31B2FF88D458

File PE Metadata

Compilation timestamp:

9/8/2015 2:12:31 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:JUliCnZHBRn/B8TS/QsTwuTuzS2XhFLOAkGkzdnEVomFHKnPq+:JUvDeiuzS2RFLOyomFHKnPq+

Entry address:

0x12B776

Entry point:

E9, 5B, 79, F4, FF, E9, 7F, FE, FF, FF, 3B, 0D, B0, 71, 5A, 00, 75, 02, F3, C3, E9, 3D, 00, 00, 00, 55, 8B, EC, FF, 15, 00, 43, 55, 00, 6A, 01, A3, BC, 1F, 5B, 00, E8, 78, 79, 00, 00, FF, 75, 08, E8, 0D, 79, 00, 00, 83, 3D, BC, 1F, 5B, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 5E, 79, 00, 00, 59, 68, 09, 04, 00, C0, E8, DB, 78, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, D0, 80, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A0, 1D, 5B, 00, 89, 0D, 9C, 1D, 5B, 00, 89, 15, 98, 1D, 5B, 00... 
[+]

Entropy:

7.1216

Packer / compiler:

Xtreme-Protector v1.05

Code size:

1.3 MB (1,384,960 bytes)

Remove WinProductKey.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.