Keygen.exe

The executable Keygen.exe has been detected as malware by 31 anti-virus scanners. This is a setup program used to install the application. The file has been observed being downloaded from girier.free.fr.
MD5:
17ef9a108d30df8cee4cffc088274c3b

SHA-1:
7153a757180595fdd308b4a1fd579253cf8b63a0

SHA-256:
729c8d1ca5e275cb5ea03f3c44fbf81dc09d47d3e062dca6c05f38328d0f8150

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/26/2024 4:52:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.1179809 | 1150 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Xema.variant | 2013.12.26 |
| Avira AntiVirus | TR/PWS.53760.25 | 7.11.121.228 |
| AVG | PSW.OnlineGames3 | 2014.0.3543 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.131127 |
| Bitdefender | Trojan.Generic.1179809 | 1.0.20.1205 |
| Bkav FE | HW32.CDB | 1.3.0.4613 |
| Emsisoft Anti-Malware | Trojan.Generic.1179809 | 8.13.08.29.06 |
| ESET NOD32 | Win32/Keygen.EM (variant) | 7.9190 |
| Fortinet FortiGate | Malware_fam.A | 8/29/2013 |
| F-Prot | W32/MalwareF.GRTQ | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.1179809 | 11.2013-29-08_5 |
| G Data | Trojan.Generic.1179809 | 13.8.22 |
| IKARUS anti.virus | Trojan-Downloader.Win32.VB.bbe | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10623 |
| McAfee | Generic.dx!ksz | 5600.7181 |
| MicroWorld eScan | Trojan.Generic.1179809 | 14.0.0.723 |
| NANO AntiVirus | Trojan.Win32.Agent2.inhef | 0.28.0.57029 |
| Norman | Troj_Generic.HDMI | 11.20130829 |
| nProtect | Trojan/W32.Agent.53760.FY | 13.12.24.01 |
| Panda Antivirus | Trj/CI.A | 13.08.29.06 |
| Reason Heuristics | Unnamed.Threat.69 | 14.3.1.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.11E783B5!300385205 | 23.00.65.13827 |
| Sophos | Mal/KeyGen-W | 4.96 |
| SUPERAntiSpyware | Trojan.Agent/Gen-StartPage | 10708 |
| Trend Micro House Call | CRCK_KEYGEN | 7.2.241 |
| Trend Micro | CRCK_KEYGEN | 10.465.29 |
| Vba32 AntiVirus | Trojan-GameThief.OnLineGames | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24736 |
| ViRobot | Backdoor.Win32.S.Poison.53760 | 2011.4.7.4223 |

File size:
52.5 KB (53,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\keygen.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
1536:4rzDH5d0iXfnaQ6nDHtXrGL0YR8W9CwFq:4Pr0iXfj6yJRN9Cws

Entry address:
0x994C

Entry point:
B8, 00, C9, 43, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, D0, 1B, 7B, CD, 85, 36, DA, 7C, 57, 60, 40, D7, 41, C5, D4, DE, 44, 7A, 81, 38, A0, 32, 11, DD, 76, 4A, A3, 88, 6A, 4F, B5, A5, F6, A8, 79, 0A, 93, C7, 0D, C1, E4, 54, C3, 83, E3, 43, E2, AF, 71, AD, 3B, 56, 38, A8, DC, F9, 38, 05, CD, 4A, 7B, D0, 9A, 5C, 1C, 99, 19, 4B, 87, 03, A4, 65, BF, 86, C7, 5C, 0A, 44, 33, D7, 52, 42, B7, 4D, 14, 40, E5, 88, FD, 92, 1B, 93, 95...
 
Entropy:
7.8745

Packer / compiler:
PECompact v2

Code size:
35 KB (35,840 bytes)

The file Keygen.exe has been seen being distributed by the following URL.
