keygen[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

keygen.exe
Size

1.3MB
MD5

0acb059ec807e4c2864eb15f595ddc48
SHA1

cda0c27cde9002bfa3cfd8089e636324865d9c32
SHA256

0773f3e7517a11f256267e347b08afb63b4d4d22680c650fcb1e8d3473929592
SHA512

58cc4ab26133c4f54000bcfb32a5eafb86aeedd057834b53fa2054c49d428d03393a80dac404f24b9bd340fa4ad5eb6ea44eac262a093dac8b03d59852b5c064
SSDEEP

24576:w2hZKfhiUFireBv9NA//Noy0Cg1etE4D8tfw8ChXNPtqq:RPKfhiAisjge1eyE8tfw8ChZAq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
keygen.exe

Files

keygen.exe
.exe windows:6 windows x86 arch:x86

4659b6faac481f8c975611b6aaed1d29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
CreateFileMappingW
MapViewOfFile
GetTickCount
DecodePointer
HeapSize
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFileSize
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetConsoleMode
UnmapViewOfFile
SetEndOfFile
SetFilePointer
FreeLibrary
GetProcessHeap
GetProcAddress
HeapAlloc
SetLastError
HeapFree
LoadResource
LockResource
FindResourceA
SizeofResource
GetSystemTime
ExitProcess
DeleteFileW
GetLastError
GetCurrentDirectoryA
Sleep
DeviceIoControl
CreateMutexW
WaitForSingleObject
WritePrivateProfileStringW
CreateDirectoryW
CloseHandle
CreateFileW
WriteFile
QueryPerformanceCounter
CreateThread
QueryPerformanceFrequency
GetExitCodeThread
ExitThread
GetConsoleOutputCP
HeapReAlloc
GetFileType
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
SetThreadPriority
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteConsoleW

user32

GetClientRect
GetDlgItem
GetWindowTextA
GetDC
GetWindowRect
GetWindowDC
GetWindowTextLengthA
ReleaseDC
BeginPaint
EndPaint
FillRect
LoadBitmapW
DialogBoxParamW
wsprintfW
PostMessageW
CreateWindowExW
SendMessageW
EndDialog
ShowWindow
MapWindowPoints
SetWindowTextA
MessageBoxA
MoveWindow
LoadIconW
SetDlgItemTextA
SendMessageA
GetParent

gdi32

Rectangle
GetObjectW
CreateCompatibleBitmap
GetTextExtentPoint32A
CreateCompatibleDC
GetPixel
DeleteDC
SetBkMode
LineTo
CreatePen
MoveToEx
SetBkColor
AddFontMemResourceEx
RemoveFontMemResourceEx
BitBlt
SelectObject
SetPixel
CreateFontW
SetTextColor
TextOutA
GetTextExtentPointA
DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameW

advapi32

GetUserNameA

shell32

SHGetFolderPathW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

VariantClear

ntdll

NtSetTimerResolution
NtQueryTimerResolution

winmm

waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetPosition

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 667KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 473KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4659b6faac481f8c975611b6aaed1d29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

winmm

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 38KB

.rsrc Size: 667KB - Virtual size: 667KB

.reloc Size: 473KB - Virtual size: 1.2MB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 38KB

.rsrc
Size: 667KB - Virtual size: 667KB

.reloc
Size: 473KB - Virtual size: 1.2MB