Keygen[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Keygen.exe
Size

3.2MB
MD5

46d41a1e47cfa865873228f3558f9ad6
SHA1

7a5392a1688be520a23992f6bf579c28b59af4ce
SHA256

0268db7d732722c72ce403c57984ce68dfcd07cdb6286276c85381b1e2d99b52
SHA512

47cadec98e7c5331969e0f78ea314d685dac6a94f2edac5f9bec7843681ec25c26e108cc13d1f3f00496f273ef50ff8ca4fac3abaf68e71a070ad30938d308ea
SSDEEP

98304:xAKMNpzR4rYvwFAik96UvyF9FbZMLC4X4n:xeNX6YICiksUvyFPWLCg4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Keygen.exe

Files

Keygen.exe
.exe windows:5 windows x86

05d2b996a1c3463b70348352130a4eb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

gdi32

Pie

version

VerQueryValueW

netapi32

NetWkstaGetInfo

ole32

IsEqualGUID

comctl32

ImageList_Add

msvcrt

memset

shell32

Shell_NotifyIconW
IsUserAnAdmin

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

Exports

Exports

TMethodImplementationIntercept

Sections

.
Size: 3.1MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE