| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2012-May-17 10:54:24 (PE header TimeDateStamp) |
| Detected languages | English - United States; Russian - Russia |
| CompanyName | TEAM XFORCE |
| FileDescription | Adobe Keygen |
| InternalName | Keygen |
| LegalCopyright | X-FORCE 2015 SMOKING THE COMPETITION |
| OriginalFilename | keygen.exe |
| PrivateBuild | June 29, 2015 |
| ProductName | Keygen |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ v6.0 |
| Level | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior | May have dropper capabilities. This is consistent with the large high-entropy overlay noted below and with the CreateFileW, WriteFile, GetTempPathW and CreateProcessW imports. |
| Malicious | The PE contains functions mostly used by malware | [!] The program may be hiding some of its imports. The import table does carry LoadLibraryA and GetProcAddress, which let the program resolve further APIs at run time without listing them in the import directory. |
| Suspicious | The PE header may have been manually modified | The resource timestamps differ from the PE header. The version resource itself claims a PrivateBuild of June 29, 2015 and a 2015 copyright, three years after the header's 2012-May-17 TimeDateStamp. |
| Suspicious | The file contains overlay data | 477538 bytes of data starting at file offset 0x20e00. The overlay has an entropy of 7.99963 bits per byte (out of a maximum of 8) and is probably compressed or encrypted; it accounts for 78.0044% of the executable. |
| Malicious | The program tries to mislead users about its origins | The PE pretends to be from Adobe but is not signed: FileDescription reads "Adobe Keygen" while CompanyName is TEAM XFORCE, and the file carries no Authenticode signature. |
| Malicious | VirusTotal score: 34/61 (scanned on 2020-10-24 03:27:27) | Per-engine verdicts are listed below. |

Per-engine VirusTotal verdicts:

- CAT-QuickHeal: Trojan.Keygen
- Cylance: Unsafe
- SUPERAntiSpyware: Hack.Tool/Gen-Crack
- Sangfor: Malware
- CrowdStrike: win/malicious_confidence_60% (W)
- Alibaba: HackTool:Win32/Generic.51bf79a9
- K7GW: Unwanted-Program ( 004d38111 )
- K7AntiVirus: Unwanted-Program ( 004d38111 )
- Cyren: W32/Application.TNPI-0076
- Symantec: PUA.Keygen
- APEX: Malicious
- Avast: Win32:Malware-gen
- Paloalto: generic.ml
- AegisLab: Riskware.Win32.Generic.1!c
- Comodo: Malware@#3splzn8i7ye0b
- DrWeb: Trojan.MulDrop11.25697
- VIPRE: HackTool.Win32.Keygen
- Invincea: Generic PUA FP (PUA)
- McAfee-GW-Edition: PUP-XGI-EQ
- Sophos: Generic PUA FP (PUA)
- GData: Win32.Application.Keygen.B
- Webroot: W32.Malware.gen
- eGambit: Generic.Malware
- Microsoft: HackTool:Win32/Keygen
- AhnLab-V3: HackTool/Win32.Keygen.C3577075
- McAfee: GenericRXAA-AA!4C91FD071034
- MAX: malware (ai score=99)
- ESET-NOD32: a variant of Win32/Keygen.HA potentially unsafe
- Ikarus: possible-Threat.Hacktool.Patcher
- MaxSecure: Trojan.Malware.3405.susgen
- Fortinet: Riskware/Keygen_HA
- BitDefenderTheta: Gen:NN.ZexaF.34590.gmGfa8bRlfpe
- AVG: Win32:Malware-gen
- Panda: Trj/CI.A
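The overlay, signature and timestamp findings above can be recomputed from the raw headers without any PE library. The Python below is an added example, not output of the scanning tool and not code from the sample: it parses a PE32 by hand (stdlib only), treats everything past the highest `PointerToRawData + SizeOfRawData` as overlay and reports its offset, size, share of the file and Shannon entropy, checks whether the Authenticode certificate data directory (index 4) is empty, and decodes the COFF `TimeDateStamp`. Since the keygen itself is not on the page, `build_sample_pe` constructs a minimal PE32 with one section and a constructed 1 KiB uniform-byte overlay; the only value taken from the report is the 2012-May-17 10:54:24 timestamp.

```python
"""Overlay, certificate-table and timestamp checks for a PE32 file (stdlib only).

Added example: recomputes the kind of findings the report lists from raw headers.
The sample PE it analyses is constructed here for the demo, not the real file.
"""
import datetime
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
SECTION_HEADER_SIZE = 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Values near 8 (the report shows 7.99963) indicate compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_pe(buf: bytes) -> dict:
    """Walk DOS header -> COFF header -> PE32 optional header -> section table."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4
    (_machine, n_sections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", buf, coff)

    opt = coff + 20
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled in this example")
    # PE32 layout: NumberOfRvaAndSizes at +92, data directories start at +96.
    n_dirs = struct.unpack_from("<I", buf, opt + 92)[0]
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _cert_off, cert_size = struct.unpack_from(
            "<II", buf, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    # Overlay: bytes past the end of the last section's raw data on disk.
    sect = opt + opt_size
    end_of_sections = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each 40-byte header.
        raw_size, raw_ptr = struct.unpack_from(
            "<II", buf, sect + i * SECTION_HEADER_SIZE + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = buf[end_of_sections:]

    return {
        "timestamp": datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc),
        "signed": cert_size != 0,          # empty security directory => no Authenticode
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_ratio": len(overlay) / len(buf),
        "overlay_entropy": shannon_entropy(overlay),
    }


def build_sample_pe(overlay: bytes, timestamp: int = 1337252064) -> bytes:
    """Constructed minimal PE32: one .text section, no certificate table.
    The default timestamp is 2012-05-17 10:54:24 UTC, the value in the report."""
    file_align = 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, file_align, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section)
    return headers.ljust(file_align, b"\0") + b"\xCC" * 0x200 + overlay


if __name__ == "__main__":
    # 1 KiB of uniformly distributed bytes stands in for a packed or encrypted payload.
    sample = build_sample_pe(bytes(range(256)) * 4)
    for key, value in analyze_pe(sample).items():
        print(f"{key:16} {value}")
```

Run against the real file, the same routine is expected to report the overlay at 0x20e00 with 477538 bytes (ratio about 0.78) and entropy near 7.9996, `signed` as False, and the 2012 timestamp; comparing that timestamp with the 2015 PrivateBuild string is what the "manually modified" finding boils down to.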
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x60 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x60 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2012-May-17 10:54:24 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 8.0 |
| SizeOfCode | 0x13200 |
| SizeOfInitializedData | 0xda00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001383F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x15000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x26000 |
| SizeOfHeaders | 0x200 |
| Checksum | 0x217bd |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Library | Imported functions |
|---|---|
| COMCTL32.dll | #17 (ordinal import: InitCommonControls) |
| SHELL32.dll | SHGetSpecialFolderPathW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteExW |
| GDI32.dll | CreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW |
| ADVAPI32.dll | FreeSid, AllocateAndInitializeSid, CheckTokenMembership |
| USER32.dll | GetMenu, SetWindowPos, GetWindowDC, ReleaseDC, CopyImage, GetKeyState, GetWindowRect, ScreenToClient, GetWindowLongW, SetTimer, GetMessageW, DispatchMessageW, KillTimer, DestroyWindow, EndDialog, SendMessageW, wsprintfW, GetClassNameA, GetWindowTextW, GetWindowTextLengthW, GetSysColor, wsprintfA, SetWindowTextW, CreateWindowExW, GetDlgItem, GetClientRect, SetWindowLongW, UnhookWindowsHookEx, SetFocus, GetSystemMetrics, SystemParametersInfoW, ShowWindow, DrawTextW, GetDC, ClientToScreen, GetWindow, DialogBoxIndirectParamW, DrawIconEx, CallWindowProcW, DefWindowProcW, CallNextHookEx, PtInRect, SetWindowsHookExW, LoadImageW, LoadIconW, MessageBeep, EnableWindow, IsWindow, EnableMenuItem, GetSystemMenu, wvsprintfW, CharUpperW, MessageBoxA, GetParent |
| ole32.dll | CreateStreamOnHGlobal, CoCreateInstance, CoInitialize |
| OLEAUT32.dll | #2, #9, #418 (ordinal imports: SysAllocString, VariantClear, OleLoadPicture) |
| KERNEL32.dll | SetFileTime, SetEndOfFile, EnterCriticalSection, DeleteCriticalSection, GetModuleHandleA, LeaveCriticalSection, WaitForMultipleObjects, ReadFile, SetFilePointer, GetFileSize, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, GetSystemDirectoryW, GetCurrentThreadId, SuspendThread, TerminateThread, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, SetCurrentDirectoryW, GetDriveTypeW, CreateFileW, GetCommandLineW, GetStartupInfoW, CreateProcessW, CreateJobObjectW, ResumeThread, AssignProcessToJobObject, CreateIoCompletionPort, SetInformationJobObject, GetQueuedCompletionStatus, GetExitCodeProcess, CloseHandle, SetEnvironmentVariableW, GetTempPathW, GetSystemTimeAsFileTime, lstrlenW, CompareFileTime, SetThreadLocale, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, ExpandEnvironmentStringsW, WideCharToMultiByte, VirtualAlloc, GlobalMemoryStatusEx, lstrcmpW, GetEnvironmentVariableW, lstrcmpiW, lstrlenA, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, LoadResource, LockResource, LoadLibraryA, ExitProcess, lstrcatW, GetDiskFreeSpaceExW, SetFileAttributesW, SetLastError, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, GetLastError, SystemTimeToFileTime, GetLocalTime, GetFileAttributesW, CreateDirectoryW, WriteFile, GetStdHandle, VirtualFree, GetModuleHandleW, GetProcAddress, GetStartupInfoA |
| MSVCRT.dll | ??3@YAXPAX@Z, ??2@YAPAXI@Z, memcmp, free, memcpy, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, _CxxThrowException, _beginthreadex, _EH_prolog, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, memset, _wcsnicmp, strncmp, wcsncmp, malloc, memmove, _wtol, _purecall |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 0.0.0.0 |
| ProductVersion | 0.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| CompanyName | TEAM XFORCE |
| FileDescription | Adobe Keygen |
| InternalName | Keygen |
| LegalCopyright | X-FORCE 2015 SMOKING THE COMPETITION |
| OriginalFilename | keygen.exe |
| PrivateBuild | June 29, 2015 |
| ProductName | Keygen |
| Resource LangID | UNKNOWN |