4c91fd071034e8f7d0f7dd307e801bd3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-May-17 10:54:24
Detected languages English - United States, Russian - Russia
CompanyName TEAM XFORCE
FileDescription Adobe Keygen
InternalName Keygen
LegalCopyright X-FORCE 2015 SMOKING THE COMPETITION
OriginalFilename keygen.exe
PrivateBuild June 29, 2015
ProductName Keygen

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0, Microsoft Visual C++, Microsoft Visual C++ v6.0
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • %Temp%
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Possibly launches other programs:
  • ShellExecuteW
  • CreateProcessW
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Functions related to the privilege level:
  • CheckTokenMembership
Enumerates local disk drives:
  • GetDriveTypeW
Can take screenshots:
  • CreateCompatibleDC
  • GetDC
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2025-Aug-14 13:26:18
Suspicious The file contains overlay data. 477538 bytes of data starting at offset 0x20e00.
The overlay data has an entropy of 7.99963 and is possibly compressed or encrypted.
Overlay data accounts for 78.0044% of the executable.
Malicious The program tries to mislead users about its origins. The PE pretends to be from Adobe but is not signed!
Malicious VirusTotal score: 34/61 (Scanned on 2020-10-24 03:27:27)
CAT-QuickHeal: Trojan.Keygen
Cylance: Unsafe
SUPERAntiSpyware: Hack.Tool/Gen-Crack
Sangfor: Malware
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: HackTool:Win32/Generic.51bf79a9
K7GW: Unwanted-Program ( 004d38111 )
K7AntiVirus: Unwanted-Program ( 004d38111 )
Cyren: W32/Application.TNPI-0076
Symantec: PUA.Keygen
APEX: Malicious
Avast: Win32:Malware-gen
Paloalto: generic.ml
AegisLab: Riskware.Win32.Generic.1!c
Comodo: Malware@#3splzn8i7ye0b
DrWeb: Trojan.MulDrop11.25697
VIPRE: HackTool.Win32.Keygen
Invincea: Generic PUA FP (PUA)
McAfee-GW-Edition: PUP-XGI-EQ
Sophos: Generic PUA FP (PUA)
GData: Win32.Application.Keygen.B
Webroot: W32.Malware.gen
eGambit: Generic.Malware
Microsoft: HackTool:Win32/Keygen
AhnLab-V3: HackTool/Win32.Keygen.C3577075
McAfee: GenericRXAA-AA!4C91FD071034
MAX: malware (ai score=99)
ESET-NOD32: a variant of Win32/Keygen.HA potentially unsafe
Ikarus: possible-Threat.Hacktool.Patcher
MaxSecure: Trojan.Malware.3405.susgen
Fortinet: Riskware/Keygen_HA
BitDefenderTheta: Gen:NN.ZexaF.34590.gmGfa8bRlfpe
AVG: Win32:Malware-gen
Panda: Trj/CI.A

Hashes

MD5 4c91fd071034e8f7d0f7dd307e801bd3
SHA1 5ff5c3a4e48dedb29ed098aaa6f7042fcba6486e
SHA256 dcbbb8faef5be39428bd3ffe6c1a4a98da43c23df3a88c5dfc9c42a40af6b8c4
SHA3 009f38e6bbc9cb8e3217fc9bdb0efe9910bced09b0e7599471d592c381503057
SSDeep 12288:WpDianmFDyij+18XHdZ5vFo41zQwUnaYauwYbqqj0vEC0NymMiF/haCILG:WpWaFitNZDMnnaQqqjkB0qiF/ZILG
Imports Hash b9ceb4645c6a86f28757b8a6fc6d0927

DOS Header

e_magic MZ
e_cblp 0x60
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x60

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2012-May-17 10:54:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x13200
SizeOfInitializedData 0xda00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001383F (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x15000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x26000
SizeOfHeaders 0x200
Checksum 0x217bd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 243d0617d8788131a6a913655dd94132
SHA1 6108d387c7062792b89b49af447f24aafc78c343
SHA256 4557dbe418689b9ec852245651c963f1212278076263aac937c4abdbf12476c4
SHA3 04e30ffdcac208d482e9272a1f8f0ff3dec321ea93e58c3cc37977f9d7e69c66
VirtualSize 0x13100
VirtualAddress 0x1000
SizeOfRawData 0x13200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.61576

.rdata

MD5 ef9b5d5552149e0a8d1000ee22204a8b
SHA1 ffcc9af4118346708825d39e90ee5a2195674914
SHA256 b909c7d1d9b5eb783905f863f359fe2745f5d7533045e7ef5560c6c5d0bef588
SHA3 7a1e33ed56a7a4f6e5d7bbac92055191871c0a359432554e93e38eb86099ef68
VirtualSize 0x3560
VirtualAddress 0x15000
SizeOfRawData 0x3600
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.58681

.data

MD5 ce9195bc96f65911ce6f50b1e7e978fe
SHA1 1306d8ed7b1d035ac869b72fe2d766d0f4a46a4c
SHA256 289a1004cf3357be02d4a203e1363b6ee51daeee8c95fa24f0e3c4f9c1039dce
SHA3 3aa22140d228ded0668a797b3749d6190e065fed82b93414146e07d318166802
VirtualSize 0x29ec
VirtualAddress 0x19000
SizeOfRawData 0x800
PointerToRawData 0x16a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.82263

.rsrc

MD5 cc70d106977496e7603f9159c7feadcc
SHA1 9b2c240f51d6ce9e421d3ca3b77cef54ecfd892d
SHA256 8a690ad65520acacc3978ebdc72c19d08fe1f43cb89cc84b1c43197709d31c33
SHA3 8bd16eeb0b0ac9521c2feaa50a10f0d30ba6da40b14c9360d155d42c5dadc8bb
VirtualSize 0x9a1e
VirtualAddress 0x1c000
SizeOfRawData 0x9c00
PointerToRawData 0x17200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.15906

Imports

COMCTL32.dll #17
SHELL32.dll SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
GDI32.dll CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW
ADVAPI32.dll FreeSid
AllocateAndInitializeSid
CheckTokenMembership
USER32.dll GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
CopyImage
GetKeyState
GetWindowRect
ScreenToClient
GetWindowLongW
SetTimer
GetMessageW
DispatchMessageW
KillTimer
DestroyWindow
EndDialog
SendMessageW
wsprintfW
GetClassNameA
GetWindowTextW
GetWindowTextLengthW
GetSysColor
wsprintfA
SetWindowTextW
CreateWindowExW
GetDlgItem
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
ShowWindow
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
wvsprintfW
CharUpperW
MessageBoxA
GetParent
ole32.dll CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
OLEAUT32.dll #2
#9
#418
KERNEL32.dll SetFileTime
SetEndOfFile
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleA
LeaveCriticalSection
WaitForMultipleObjects
ReadFile
SetFilePointer
GetFileSize
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetCurrentDirectoryW
GetDriveTypeW
CreateFileW
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateJobObjectW
ResumeThread
AssignProcessToJobObject
CreateIoCompletionPort
SetInformationJobObject
GetQueuedCompletionStatus
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableW
GetTempPathW
GetSystemTimeAsFileTime
lstrlenW
CompareFileTime
SetThreadLocale
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
VirtualAlloc
GlobalMemoryStatusEx
lstrcmpW
GetEnvironmentVariableW
lstrcmpiW
lstrlenA
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
LoadLibraryA
ExitProcess
lstrcatW
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
GetExitCodeThread
WaitForSingleObject
CreateThread
GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualFree
GetModuleHandleW
GetProcAddress
GetStartupInfoA
MSVCRT.dll ??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
free
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memset
_wcsnicmp
strncmp
wcsncmp
malloc
memmove
_wtol
_purecall

Delayed Imports

1

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.12903
MD5 dd73cda96ef55266b18f36ac956a5b4b
SHA1 9f0f2d748ff98d2cde08deb39c901f1361d8619c
SHA256 7221b64aa005742666bc79b8be1af1379ec1b488f72666e1ff0a6a95469b367e
SHA3 54072969bc082f965d0c6b32231bce1ca7b34d26456660a02ce5179b0e43bdd2

2

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.85183
MD5 3d13fe51178218fe89925c8ace6a21ce
SHA1 ff10ed586129be4824f1180299a69dfd37fc13af
SHA256 2d4d66b8d9f7e6a6c6e420c7a86598b392f5df84dc0d44c850158aaf4cb8e894
SHA3 97f567c8675ea8b0db00021dbe34f285c28f7e25fa050091bc15bf7fb9854dc0

3

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.70766
MD5 5da6e88f05aba53307eff74278ee4a8b
SHA1 3bac9264163b49890150bbc5e6a007a0dd0a4be5
SHA256 59052135649b2b0b64c934f3b05108b13b151d1b2298376ee6ca1dc48bd3af70
SHA3 c3409355c55976598e14a5943d6e64e313c328c96b122847fc955cf74b32bfc2

4

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.48011
MD5 d620b34110cab006c39a817433ef8de4
SHA1 ed8c312c1f2abfeeffc6643be4ee30bdfe7f99be
SHA256 de64722562dbc4b71c7ce792d32883b9ade831f35b9802544e2a57d9effa78b1
SHA3 cba7fdaf8b1e65adfc8ead8d0000c4d0c65a366c32e7e0109e8e0a25e655d9c3

5

Type RT_ICON
Language Russian - Russia
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 2025-Aug-14 13:26:18
Entropy 4.74725
MD5 32e0c1e4ed7e3d84bd68c359a3c2f1bc
SHA1 6a9ce2ac6de3ee740510a51f5d8069e881600c2b
SHA256 2da7a0837918029dd021cd14f11c0ac7991e9bc5f0c1a90ff4687031ec8ef569
SHA3 736781520d908c2f0e5c2eabaf7c70346f2beb819c163b42b8fa489effa16583

6

Type RT_ICON
Language Russian - Russia
Codepage UNKNOWN
Size 0x468
TimeDateStamp 2025-Aug-14 13:26:18
Entropy 4.93873
MD5 10e30a5ed6ff409ecbc6d5e0f2a048d1
SHA1 40a13a1db044abf86592db80ecdf70a024846831
SHA256 7c5f4d18c7537abb46f43d33dca6304d483f2369743282203264890a34874cd5
SHA3 a5b7f0fa89459cd0056a1a7a09944518ce22a4af08d234b1bf5eb4c48a0ae3e3

101

Type RT_GROUP_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.21059
Detected Filetype Icon file
MD5 86561693760b088960969f3b7654507a
SHA1 82368be1644244e0fd66f1d737b3d45d26b2218f
SHA256 b1a9ff73f6a9d486c67f409a629924792ca40aa8966d45e48239863f63629fd0
SHA3 206e8d2db4680b7736ddcf7885984ca26fa1a66e72ec9073e8052ba82ea94408

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2a4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35564
MD5 184830333395a327d13bd9d5ab0d3007
SHA1 853a5707f8718e958170a99b2e908c19c4c74513
SHA256 c3db05bd0c6fe2c6113d94e7253c6cc5dc05db64335317318bac3916a126dc12
SHA3 c8fca9b84dc1781bd3e9e649d4d03fc74b3e63ee83e5e1d6f57aee9cbe8cba7a

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x346
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.23039
MD5 6502bb9952b4fc12f6b16fca85818b90
SHA1 c9f79f16e841331a44083fd89ee60c1eb3f9c41c
SHA256 ef4cabfb4f28961718f2a5a7618d798f473a4204071d9e4338c5c6ae8a6246c7
SHA3 90c759f5554af0d94e307965bf6630eb2d78c6d4f04614443ed673b04d14594f

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName TEAM XFORCE
FileDescription Adobe Keygen
InternalName Keygen
LegalCopyright X-FORCE 2015 SMOKING THE COMPETITION
OriginalFilename keygen.exe
PrivateBuild June 29, 2015
ProductName Keygen
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
