015a355a7890a08dfb38868f8a45610a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Mar-18 21:02:35
Detected languages French - France

Plugin Output

Suspicious PEiD Signature:
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX v2.0 -> Markus, Laszlo & Reiser (h)
  • UPX -> www.upx.sourceforge.net
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Suspicious The PE is packed with UPX:
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Uses Microsoft's cryptographic API:
  • CryptGenRandom
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Can take screenshots:
  • BitBlt
  • GetDC
Suspicious The PE is possibly a dropper:
  • Resource 4 is possibly compressed or encrypted.
  • Resource 102 is possibly compressed or encrypted.
  • Resource 105 is possibly compressed or encrypted.
  • Resource 106 is possibly compressed or encrypted.
  • Resource 107 is possibly compressed or encrypted.
  • Resource 108 is possibly compressed or encrypted.
  • Resource 111 is possibly compressed or encrypted.
  • Resource 112 is possibly compressed or encrypted.
  • Resource 113 is possibly compressed or encrypted.
  • Resource 115 is possibly compressed or encrypted.
  • Resource 101 is possibly compressed or encrypted.
  • Resources account for 86.1933% of the executable.
Malicious VirusTotal score: 41/68 (Scanned on 2019-10-07 08:24:13)
  • CAT-QuickHeal: Hacktool.Keygen
  • ALYac: Misc.Keygen
  • Malwarebytes: RiskWare.Tool.HCK
  • Zillya: Backdoor.NanoCore.Win32.603
  • SUPERAntiSpyware: Hack.Tool/Gen-Crack
  • K7AntiVirus: Trojan ( 0047838c1 )
  • Alibaba: HackTool:Win32/Keygen.fc3aeee0
  • K7GW: Trojan ( 0047838c1 )
  • Cybereason: malicious.455d4a
  • TrendMicro: CRCK_ACTIVATOR
  • Symantec: Trojan.Gen.X
  • ESET-NOD32: a variant of Win32/Keygen.HA potentially unsafe
  • Avast: FileRepMetagen [PUP]
  • ClamAV: Win.Trojan.Sality-67905
  • NANO-Antivirus: Trojan.Win32.Kryptik.eopvgw
  • Comodo: ApplicUnwnt@#vdgy2m5kfkzt
  • VIPRE: Trojan.Win32.Generic!BT
  • Invincea: heuristic
  • McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fc
  • Trapmine: suspicious.low.ml.score
  • FireEye: Generic.mg.015a355a7890a08d
  • Sophos: X-Force Keymaker (PUA)
  • Jiangmin: Trojan.Heur.hm
  • Webroot: W32.Trojan.Gen
  • Fortinet: Riskware/KeyGen
  • Endgame: malicious (moderate confidence)
  • ViRobot: Patcher.Autodesk.329216
  • Microsoft: HackTool:Win32/Keygen
  • AhnLab-V3: Unwanted/Win32.KeyGen.R268532
  • Acronis: suspicious
  • McAfee: HTool-Keygen.c
  • MAX: malware (ai score=98)
  • Cylance: Unsafe
  • TrendMicro-HouseCall: CRCK_ACTIVATOR
  • Yandex: PUP.Agent!
  • SentinelOne: DFI - Malicious PE
  • MaxSecure: Trojan.Malware.3405.susgen
  • GData: Win32.Application.Agent.VL8PN3
  • AVG: FileRepMetagen [PUP]
  • Panda: PUP/Keygen
  • CrowdStrike: win/malicious_confidence_70% (W)

Hashes

MD5 015a355a7890a08dfb38868f8a45610a
SHA1 c91e544455d4a513bd46794531785fbdf4ce05dc
SHA256 71baab951f223bcd95039cc838e959469d0d770b62c0479e3e62bb4ede677a99
SHA3 361bdf67cb6a68d85318adc8deb5ad7f7d357fdccdf6cb69d70bfe50527b6c77
SSDeep 6144:ZMEuEWdCgGPVw7wzXfx2iK86fRy4rJlnro0ZHYnQ0Gk0B/v3oSf:KEuE7gX7w12ySXZQ0B//oSf
Imports Hash 2378aae57a0a1466c0bb63b992615e14

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2014-Mar-18 21:02:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x4e000
SizeOfInitializedData 0x3000
SizeOfUninitializedData 0xe2000
AddressOfEntryPoint 0x0012FFD0 (Section: UPX1)
BaseOfCode 0xe3000
BaseOfData 0x131000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x134000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe2000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 46f6f649f193684f527161ee3d830bf8
SHA1 1021064028c6943847f6aaf1578926db3ef23bae
SHA256 a9ce8e5d0d6f0ba6b839a1f4afe61da8978ff2ef1e7c7436bd36b1858679aa1f
SHA3 471fc805ba9903e219dee340e2666bdba2fe80cc889647bac836e5a8a505d881
VirtualSize 0x4e000
VirtualAddress 0xe3000
SizeOfRawData 0x4dc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99892

.rsrc

MD5 348cba83bcfb275bcb48ee579379f0a0
SHA1 f3df1f753fca587bd2ded187574c1afff6a9255f
SHA256 ac8ab971b8332d799f67ec5870d7e87e1e0bc75f05bc397cd0e71fdd7f65e3ff
SHA3 19cf5a7849db029c9b5572b85e6977507ff87c9f1e17ce7303d4e190853b548d
VirtualSize 0x3000
VirtualAddress 0x131000
SizeOfRawData 0x2600
PointerToRawData 0x4e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.40493

Imports

KERNEL32.DLL
  • LoadLibraryA
  • GetProcAddress
  • VirtualProtect
  • VirtualAlloc
  • VirtualFree
  • ExitProcess
ADVAPI32.dll
  • CryptGenRandom
GDI32.dll
  • BitBlt
USER32.dll
  • GetDC
WINMM.dll
  • waveOutOpen

Delayed Imports

Resources

4

Type RT_RCDATA
Language French - France
Codepage UNKNOWN
Size 0x13e00
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99785
MD5 65b519a8554e03e803fe6b7c629834f2
SHA1 8a1fdf5f30c2005bbd337610cade63df7205e30a
SHA256 ebc44e9c951300d21cc17a0411f7cb7ec11d002cb9e94afac1b778ee65fa1193
SHA3 70393cd560b957445421db9fbc4a318ac116b83c2799283a6d120b4b6e048da4

102

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0x293a6
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99896
MD5 76f50cbec821abf7432708fce3f5be7c
SHA1 7d4b94d6d06f193b2f129cb216ba70985c136816
SHA256 51d3c47ee117e992077c7f2650eb8d95f85f3778aa7a060c4332858ff2584a44
SHA3 143c44cc579afcdc6fe580cbe54284445a8e23ab9f2b937e0d7287820e464110

105

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf08
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9504
MD5 d0e0e781b46864c5207ea8e0dee0af38
SHA1 02308e10efa89d1aad393122b83732b456bff5ee
SHA256 7022af6d21d451b343a0202f351e76df68404cd211dbc89819e72adb536e7a21
SHA3 8f8d7db1be0d49bbb7fd071e937e700801a9a6db614644c9a63f1a1b15cf31f5

106

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf06
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94724
MD5 348a0b3bcd960bb8f802280725409739
SHA1 cd9c6aa466e92ed8bc13d48dfd7ca279af7e13c1
SHA256 657846bbdf60d23836c4a6af46b553718e495f7ebc141bfb733a506d8421fd30
SHA3 268c0ff8ab0bebfed0c99a1179f7c336c59e2816a2c1c61cf80637bd54d790df

107

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf08
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95244
MD5 ee8f574619a07c993addd20a7e24e7c5
SHA1 83ea3265ed50513d8bc113343371f315a3409538
SHA256 62943646314e1449097af2ff1d64e1f1d8a0f710926d1a599d69adffccc16caf
SHA3 0c92d0ce393cb1c13aac6c13a56b15dfe2dc556bf6f9cbded214cbd3b121699a

108

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf06
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94708
MD5 a46ee66e7fb50386ecb877eaa53f1f2c
SHA1 fd8fa13427943bfd5dbce7b3855480a884106517
SHA256 0682df335354a3bc2e13d425c7eb766a835a291c676b4c74b70933bb07af6e76
SHA3 8621ae127d43b10e539fb1e9f96f5a9bc8c663a89023ee243a14f8457c341164

111

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0x2ee
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.75891
MD5 9411d82e0d116724f158bf2eedadeff2
SHA1 38a1299710ecccc6f89ebfce61dbba24f920f0b9
SHA256 ab97721c9f366b3b7249c9d95c2e5aa6246f8082289dfc36930d07ddb89df227
SHA3 2c31279daa4c2a6a587167f4d80499cbcca09846592dc7f483c580834764e601

112

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0x356
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.71621
MD5 bf97410ccdd93bb001c3ef22c6ea1f63
SHA1 c9dffa598369eb0e3c9c09a55425c95fdcccb79f
SHA256 bf7c9b56cf7c68eac6a28aa4ba934a733b1dee8afda70ea0b88eed5913325348
SHA3 93377672a78443c88ca6191bab34d0e765f328499a51f1ac087695e4a125720f

113

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf08
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.9507
MD5 a820fb86679bfdcfcc6b81a96f7fa74b
SHA1 b339cd19f3f25b2601b9cf77d6c4ddbd7b95b2b9
SHA256 92ec07719fdda56653772a92281cf32cf5985e8bc19128f2691dd8fc598adf20
SHA3 7efc24d935d3fe3d47aa8528d75163add1099d24d2602dbacd37b9c40c28a2fb

115

Type RT_BITMAP
Language French - France
Codepage UNKNOWN
Size 0xf08
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.94821
MD5 e58aa1975b2f146c796048d27d8e32b7
SHA1 d864e1ef9cdaa48921ca4af5f466f84167118976
SHA256 f0b38c2685537a13dd0f925e498f383ea3e3e7a6d6fc15e860122fa1a952ea5b
SHA3 5d99491a950300f48f04f789cbee3c1b3578f734beef712db2205328bedd9f8d

1

Type RT_ICON
Language French - France
Codepage UNKNOWN
Size 0x2134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.58355
MD5 29979b3a24a2b05ce107227d9e590e0a
SHA1 8de4352de832022b715a389a16f0123fac68cfe7
SHA256 3f64f684a2b567b870b30699388640186a34537f5299f758e42091f5ceb557f7
SHA3 f84c09e39fbda2e8837ce845a78e31ff79f376bdef45ebd6dd7a3ec6c01514e7

101

Type RT_DIALOG
Language French - France
Codepage UNKNOWN
Size 0x114
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.1308
MD5 7e9a08ebffb67b2aac1ca8e4538fddb2
SHA1 8583a1866f9d3578525279f9430d001a57903999
SHA256 fe661246b3aa6f7d17fea6805567aeff40354bb6c99ea18421be892767c468a8
SHA3 705bb772d1ceff95db7aaf04cd6613c903e06b5b87cbca15c96d1c2cbfccd844

103

Type RT_GROUP_ICON
Language French - France
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 e5e5a43c3fe2d6ce9e1c48462c08de9b
SHA1 102da52437d828765fe09d1fafca1cb2acb2824a
SHA256 ebdbbf828eaca2f5930352386aa667a45402d6afd4c724b611da2a06a05579f2
SHA3 3ebbf0e7a0a9ee8a285b5f627c5a49fb3677ca649575b7a0a81149bba1fd3e70

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x493f44
SEHandlerTable 0x411f90
SEHandlerCount 326

RICH Header

XOR Key 0xce8b20f8
Unmarked objects 0
ASM objects (VS2008 build 21022) 33
C objects (VS2008 build 21022) 131
19 (8034) 2
138 (VS2008 build 21022) 60
Imports (VS2012 build 50727 / VS2005 build 50727) 11
Total imports 162
C++ objects (VS2008 build 21022) 62
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors

[*] Warning: Section UPX0 has a size of 0!