RecoverKeys.exe

Recover Keys

ONE UP LTD.

The executable RecoverKeys.exe, “Tool for getting installed software keys”, has been detected as malware by 7 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
ONE UP LTD.  (signed and verified)

Product:
Recover Keys

Description:
Tool for getting installed software keys

Version:
9.0.3.168

MD5:
53a0a824ccf38f2ab7b78d9eb74b10db

SHA-1:
96c7686eccf93b1bafabe0785bbce10e9ab9af4c

SHA-256:
0a20c5b9e7242ab6043e15e6589dd7739ca46ba60e760105d8067697874e525d

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/24/2024 8:42:22 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11430506 | 361 |
| F-Secure | Trojan.Generic.11430506 | 11.2016-08-02_2 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| McAfee | Artemis!57FC79B87AE9 | 5600.6495 |
| MicroWorld eScan | Trojan.Generic.11430506 | 17.0.0.117 |
| Reason Heuristics | Win32.Generic | 16.2.8.14 |
| Trend Micro House Call | Suspicious_GEN.F47V0815 | 7.2.39 |

File size:
21.7 MB (22,708,640 bytes)

Product version:
9.0.3.168

Copyright:
© ONE UP LTD. All rights reserved.

Original file name:
RecoverKeys.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\recover keys\recoverkeys.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
4/25/2013 3:33:03 PM

Valid to:
4/25/2016 3:33:03 PM

Subject:
CN=ONE UP LTD., O=ONE UP LTD., L=LEMESOS, S=LEMESOS, C=CY

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
041ABD63CA5DA9

File PE Metadata
Compilation timestamp:
2/4/2016 3:14:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:5W5X6M3fLMwkdELzxfblM7AHzceWsSwYvcq8tGwZcTgJaU9tzkdR3wrtFNwGmgx+:8KMPL7RLzxjsWr/q8IwZcQacpQpNDAHK

Entry address:
0xA129A0

Entry point:
55, 8B, EC, 83, C4, E8, 33, C0, 89, 45, EC, 89, 45, E8, B8, F0, B0, DF, 00, E8, 48, 9B, 5F, FF, 33, C0, 55, 68, 4F, 2A, E1, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, B8, 01, 00, 00, 00, E8, 75, 23, 5F, FF, 8B, 45, E8, 8D, 55, EC, E8, AA, DA, 60, FF, 8B, 45, EC, BA, 68, 2A, E1, 00, E8, A9, 67, 5F, FF, A1, 98, D4, E4, 00, 0F, 94, 00, A1, 6C, DC, E4, 00, 8B, 00, E8, 39, 78, 71, FF, A1, 6C, DC, E4, 00, 8B, 00, BA, 84, 2A, E1, 00, E8, 68, 72, 71, FF, 8B, 0D, 0C, DA, E4, 00, A1, 6C, DC, E4, 00, 8B, 00, 8B, 15, 1C...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
10.1 MB (10,556,928 bytes)
