keygen.exe

The executable keygen.exe has been detected as malware by 24 anti-virus scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware forces infected computers to generate Bitcoins for cybercriminals' use, consuming the machine's computing power.
Version:
1.0.0.0

MD5:
218bbea13ef763f676909b126beb48cd

SHA-1:
34659fa0a89644de74e2ed2d46b210e89d3106af

SHA-256:
f3b4fe28e9c4370f04588f7ace3c1fc427b926d1cb6d4f146e7a45b4c0156dd9

Scanner detections:
24 / 68

Status:
Malware

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and it may be installed and run without the user's knowledge.

Analysis date:
4/20/2024 10:39:51 AM UTC

Scan engine                   | Detection                              | Engine version
Agnitum Outpost               | RiskTool.BitCoinMiner                  | 7.1.1
Avira AntiVirus               | TR/Rogue.16851.3                       | 7.11.115.162
avast!                        | Java:Malware-gen [Trj]                 | 2014.9-170316
Bitdefender                   | Gen:Variant.Application.BitCoinMiner.5 | 1.0.20.375
Comodo Security               | UnclassifiedMalware                    | 17336
Dr.Web                        | Tool.BtcMine.134                       | 9.0.1.075
Emsisoft Anti-Malware         | Gen:Variant.Application.BitCoinMiner   | 8.17.03.16.12
ESET NOD32                    | Win32/BitCoinMiner (variant)           | 11.9095
Fortinet FortiGate            | W32/BitCoinMiner.L                     | 3/16/2017
F-Prot                        | W32/Trojan4.IJM                        | v6.4.7.1.166
F-Secure                      | Gen:Variant.Application.BitCoinMiner.5 | 11.2017-16-03_5
G Data                        | Gen:Variant.Application.BitCoinMiner   | 17.3.22
Kaspersky                     | not-a-virus:NetTool.Win32.Sniffer      | 14.0.0.-1318
Malwarebytes                  | Trojan.Autoit                          | v2017.03.16.12
McAfee                        | Artemis!218BBEA13EF7                   | 5600.6093
Microsoft Security Essentials |                                        | 1.163.1557.0
MicroWorld eScan              | Gen:Variant.Application.BitCoinMiner.5 | 18.0.0.225
NANO AntiVirus                | Trojan.Win32.Click1.bxhmez             | 0.28.0.56420
Norman                        | Suspicious_Gen2.GJISS                  | 11.20170316
Panda Antivirus               | Suspicious file                        | 17.03.16.12
Sophos                        | Mal/LCKeyGen-B                         | 4.95
Trend Micro House Call        | CRCK_AGENT                             | 7.2.75
Trend Micro                   | TROJ_SPNR.29FR13                       | 10.465.16
VIPRE Antivirus               | Trojan.Win32.Generic.pak!cobra         | 23734

File size:
1.9 MB (1,981,000 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\keygen.exe

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 

Code size:
514 KB (526,336 bytes)
