keygen[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

keygen.exe
Size

528KB
MD5

0a4f074fbca50f1615e233fc4de4c63f
SHA1

9d5c99d8cd19b88f08ff036513e9bf343531d127
SHA256

8abeadf021e50cee6df2434f35e658d0a58497a3c11cab05975f3ccba5f5b3b7
SHA512

84830075f0398acd3deaa7453e0d72dfd0cb0f77713e5789bf8b9423b21a6463d05269bbd34134eda6f1bf5216c6900a54295975df510256d1b0a2ab2ad22709
SSDEEP

12288:eqbfNbYtGYTQNFwa64ulIzW5AaPLvBFsvJg+B:eI0t5Ux0IzW5AazvjkJVB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
keygen.exe

Files

keygen.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 80KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE