keygen.exe

The application keygen.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from yansong.liu.free.fr.
MD5: 5941f8b39486de756e479d2259c4309d

SHA-1: d6006734b46f3e0bd44edaca1ffc13ab974c2915

SHA-256: 83766e687121b85a5d40d409f08526d087e07335dbbedfc8dbed9c05730c51d9

Scanner detections: 24 / 68

Status: Potentially unwanted

Analysis date: 4/16/2024 10:26:57 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Backdoor.ProRat | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Prorat | 2013.12.24 |
| Avira AntiVirus | BDS/Prorat.hjg | 7.11.121.112 |
| AVG | Crack | 2014.0.3543 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.131127 |
| Bkav FE | W32.Clodd8e.Trojan | 1.3.0.4613 |
| Comodo Security | TrojWare.Win32.Agent.yywn | 17487 |
| ESET NOD32 | Win32/Keygen.AU (variant) | 7.9190 |
| Fortinet FortiGate | W32/ProRat.HJG!tr.bdr | 8/29/2013 |
| F-Prot | W32/MalwareF.GYQV | v6.4.7.1.166 |
| IKARUS anti.virus | not-a-virus.Keygen.Corel | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10609 |
| Malwarebytes | RiskWare.Tool.CK | v2013.08.29.06 |
| McAfee | BackDoor-AVW!bd | 5600.7181 |
| Microsoft Security Essentials | | 1.165.247.01 |
| NANO AntiVirus | Trojan.Win32.Prorat.cpznw | 0.28.0.57029 |
| nProtect | Backdoor/W32.Agent.215552.L | 13.12.23.01 |
| Panda Antivirus | Bck/Prorat.HT | 13.08.29.06 |
| Reason Heuristics | Unnamed.Threat.50 | 14.3.1.0 |
| Sophos | Troj/Keygen-DS | 4.96 |
| Trend Micro House Call | BKDR_PRORAT.OY | 7.2.241 |
| Trend Micro | BKDR_PRORAT.OY | 10.465.29 |
| Vba32 AntiVirus | Backdoor.Prorat | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 24672 |

File size: 210.5 KB (215,552 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\keygen.exe

File PE Metadata

Compilation timestamp: 6/19/1992 3:22:17 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 3072:0d/pbvBZPqfCIR6PsZAmHH24PUgkXr6tZBPJ6TjXzBYv+p1TKw:epbGf6Pss8KXr2hcTjU+p1

Entry address: 0x250C8

Entry point:
B8, 04, 97, 47, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 0F, 5E, 60, A1, F3, B1, 1B, B4, BF, 76, 85, 81, 80, BB, 50, 22, 74, AA, D1, C5, B7, 29, 24, EA, 49, 5E, B7, 1F, 2B, 8D, 34, F5, F9, CD, 2B, A0, 22, 90, 2C, AD, E9, 40, E9, F1, E0, 66, DE, 78, CD, 70, 75, 13, 31, 86, B5, 60, 38, E0, 88, 3E, 28, 12, 26, E1, 61, C7, C3, B1, 09, EF, F5, 92, 6C, 63, 4F, 72, 7D, C0, 47, B2, 84, 3A, C9, D0, 81, 08, C9, B9, DF, 1A, C9, 2E, 98...
 

Entropy:
7.9673

Packer / compiler:
PECompact v2

Code size:
144.5 KB (147,968 bytes)

The file keygen.exe has been seen being distributed by the following URL.
