keygen.exe

Keymaker

The application keygen.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from drive.google.com and multiple other hosts.
Product:
Keymaker

Version:
2, 0, 0, 5

MD5:
1b4e8b2d50cf6d7102476703687fbf0c

SHA-1:
1ebd17b5f8e3de52ccd76c7b6968237a710c5bb7

SHA-256:
3e27b008946c74684995ffe5986304c94cc1bb192e0b72e809610c137350340b

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 8:54:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.9576502 | 1134 |
| Agnitum Outpost | Suspicious | 7.1.1 |
| AhnLab V3 Security | Unwanted/Win32.Keygen | 2014.01.10 |
| AVG | Crack | 2014.0.3612 |
| Bitdefender | Trojan.Generic.9576502 | 1.0.20.1805 |
| Comodo Security | Packed.Win32.MUPX.Gen | 17585 |
| Emsisoft Anti-Malware | Trojan.Generic.9576502 | 8.14.01.11.01 |
| ESET NOD32 | Win32/Keygen.IH (variant) | 7.9273 |
| Fortinet FortiGate | W32/Keygen.K!tr | 12/27/2013 |
| G Data | Trojan.Generic.9576502 | 13.12.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.175.10794 |
| Malwarebytes | Riskware.Tool.CK | v2013.12.27.07 |
| McAfee | RDN/Generic.dx!cqq | 5600.7268 |
| MicroWorld eScan | Trojan.Generic.9576502 | 15.0.0.33 |
| Norman | Suspicious_Gen4.EXODZ | 11.20131227 |
| nProtect | Trojan.Generic.9576502 | 14.01.10.01 |
| Panda Antivirus | Malicious Packer | 14.01.11.01 |
| Sophos | Mal/Keygen-K | 4.96 |
| Trend Micro House Call | CRCK_KEYGEN | 7.2.361 |
| Trend Micro | CRCK_KEYGEN | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25280 |

File size:
56 KB (57,344 bytes)

Product version:
2, 0, 0, 5

Copyright:
Copyright 2005

Original file name:
keygen.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
9/4/2013 6:56:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:SNJtEadeO8gFKCH3Vkit+e+ub997fqYhzmNzJ16MtTS2:SNbEadr8mKSVbt1D9LqY2J1w2

Entry address:
0x295AD

Entry point:
0F, BE, EA, 0F, BB, D3, 87, C8, 0F, A4, F7, FD, BE, CD, 5C, AF, B6, E8, 00, 00, 00, 00, 59, 83, C1, 07, 51, C3, C3, BA, F0, 93, 42, 00, 52, B9, A8, 00, 00, 00, 81, 32, E4, A7, 10, 00, 51, 2B, C9, B9, 04, 00, 00, 00, 83, C2, 01, E2, FB, 59, 83, E9, 03, 49, 75, E6, EB, D8, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 06, 00, 02, 00, 00, 00, 40, 00, 00, 80, 03, 00, 00, 00, E0, 00, 00, 80, 05, 00, 00, 00, 20, 01, 00, 80, 06, 00, 00, 00, 60...
 

Entropy:
7.7629  (probably packed)

Code size:
48 KB (49,152 bytes)

The file keygen.exe has been seen being distributed by the following 2 URLs.
