cdc264d720fc58d301786d0023be0e5714d09f51c98146e8a477e3721a149d8e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages Russian - Russia
Ukrainian - Ukraine

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 7 import(s).
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
Can take screenshots:
  • BitBlt
  • GetDC
Suspicious The PE header may have been manually modified.
Resource LOGO is possibly compressed or encrypted.
Resource 4094 is possibly compressed or encrypted.
Resource 4095 is possibly compressed or encrypted.
Resource 4096 is possibly compressed or encrypted.
Resource PACKAGEINFO is possibly compressed or encrypted.
The resource timestamps differ from the PE header:
  • 2004-Mar-02 12:25:16
Malicious VirusTotal score: 34/72 (Scanned on 2026-02-13 14:16:28)
APEX: Malicious
Antiy-AVL: Trojan/Win32.Tgenic
Bkav: W32.Common.763AAAA9
CTX: exe.trojan.keygen
CrowdStrike: win/grayware_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
ESET-NOD32: Win32/Keygen.AQ potentially unsafe application
Elastic: malicious (moderate confidence)
Google: Detected
Ikarus: possible-Threat.Keygen
K7AntiVirus: Hacktool ( 005ce8211 )
K7GW: Hacktool ( 005ce8211 )
Lionic: Trojan.Win32.Keygen.4!c
Malwarebytes: Keygen.CrackTool.RiskWare.DDS
McAfeeD: ti!CDC264D720FC
Microsoft: HackTool:Win32/Keygen
NANO-Antivirus: Riskware.Win32.Keygen.yaumz
Paloalto: generic.ml
Rising: Malware.Undefined!8.C (C64:YzY0Ov0Ct9gjdNnC)
SUPERAntiSpyware: HackTool/Gen-Keygen
Sangfor: Hacktool.Win32.Keygen.Vd7x
SentinelOne: Static AI - Suspicious PE
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.pc
Sophos: Keygen (PUA)
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!A7A68D857C5E
Varist: W32/Risk.FEEW-4870
Xcitium: ApplicUnwnt@#yu26t3naj9rd
Yandex: PUP.Agent!JgL3zgdYy1M
Zillya: Worm.Palevo.Win32.115869
alibabacloud: Trojan:Win/Keygen.aef5b2db

Hashes

MD5 a7a68d857c5ef11eb5ac90abb0a77227
SHA1 2cbb1036c8913aa1f6fc2b9021e36beacafb98aa
SHA256 cdc264d720fc58d301786d0023be0e5714d09f51c98146e8a477e3721a149d8e
SHA3 9a661811f7d2bc7dc391f698990d063cddfcd720e756769bb865c80b2945e273
SSDeep 768:4uUsxxXSfnDazRC1lnd+4ecPwj1YF/xcEHxx5t0K+vEebAPtUv6T9UG:LDrYkWeY9iU3OKElsevy9UG
Imports Hash 7483b214dd654d35e4c58c390c6f5037

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xb000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x10000
AddressOfEntryPoint 0x0001BE10 (Section: UPX1)
BaseOfCode 0x11000
BaseOfData 0x1c000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 f870de642995f9d34f703c1b47631454
SHA1 4efd50f791fff24fadb03e1017d0d9421a0e767c
SHA256 80d761fcfd535bbd113c9064e6a35eb8b4f9a3849a85c32d9013bb8c5e00dd6c
SHA3 fe43df7ba3501506c9b1f8ec52f25ed5f58b2771ec92f021a63301013a426d9a
VirtualSize 0xb000
VirtualAddress 0x11000
SizeOfRawData 0xb000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.92982

.rsrc

MD5 6287122de5e36e9ff5b4bf32319c66c8
SHA1 c506b6cf2b28aa8aa0c59c05952924527b3591b3
SHA256 9f224fd0873e4ab4e00f703f0f746647c95ee6c258e9740eb9a492900ba887be
SHA3 60020c0e8b3494d614fb40ed5a5a0e6acca9b7bf4e69528872c7d878cf032a7f
VirtualSize 0x1000
VirtualAddress 0x1c000
SizeOfRawData 0x800
PointerToRawData 0xb400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.51887

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
ExitProcess
advapi32.dll RegCloseKey
gdi32.dll BitBlt
oleaut32.dll SysFreeString
user32.dll GetDC

Delayed Imports

LOGO

Type RT_BITMAP
Language Ukrainian - Ukraine
Codepage UNKNOWN
Size 0x4500
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 7.9314
MD5 935630354e454f978a5863a965d4fad3
SHA1 34c17299a93f25c7db3bfaaa6570a264d21543e4
SHA256 ad9791435d2a4b22a5a750eb1715620fae038cad6d557bc3b5d529d847c0fadf
SHA3 efc30867231c1b294ab52599a12ddccf7222094c0c16b1fe48d1e24567e895de

1

Type RT_ICON
Language Russian - Russia
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 3.27894
MD5 d2008b797eb3a19866a16c92e2415415
SHA1 2ef6097eec07660880e8454ffe2ef0f94fbf1ac2
SHA256 e56bef4e591d04b66e02421667fcdf21e80043e87eb8a6109be7e9c89c9d50f3
SHA3 dc9861ad1aeedc809d6daef92a012424c3654a0fe0b9579bae8ee6a53dc1924e

4091

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x34
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 5.32525
MD5 7492c2b75c1388c004812e27eb10791e
SHA1 4d54518f4585414ecd80cf07eedcc36bb43a953c
SHA256 c9254777103108c128dcacbc7b3cf4e6ab5432d8948d2fe85337b25cf50d58da
SHA3 fe22055f637ea5907ead3af5ba9ae1b3297edab6deae90e4ebfd6e5a145a6eb3

4092

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xec
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 6.95662
MD5 05f572507b8430ef8829aa7048f1b6fe
SHA1 f055c047d26f88c8518fed29fd9a8b2783322162
SHA256 8a468a06ea7acae469f851dc6a60456f45b08084022cc9908e8d257c7250e940
SHA3 8e56322532d293a2459b5b7f3fbaa6376faa59c918cb194d86d34c66044db2aa

4093

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xd0
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 6.75109
MD5 ce03a47d6decba887c737afd8b48d3c7
SHA1 89d69fdf86247c8738717d4035001862911656e0
SHA256 17b489cb7907bc774594df6329cdbfc2abae01de09bdcbc51bf2b364c9f5665b
SHA3 f1d50e8ad77a76197ef90725fe7ea9e822f4a1a0dd1120c34a575bf6dde0280b

4094

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2ac
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 7.57278
MD5 dccd1fb554812392c392593fbd0d63a8
SHA1 2b6ce66ec8976c6717ccc5a61bb3f421cc888ad3
SHA256 27aea5ab276d6b8a196d29434653e731b85a644bce76c795962f1ec269da35ce
SHA3 ac5c4a3af786afb58308cdf6e23708deb03a4839c3f17b72f79b1d601fbba859

4095

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x358
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 7.64316
MD5 94d0760d9f1d4baec80b35282cdf78bf
SHA1 6af6ae90a248588f7bc346b99cbb9990541da804
SHA256 f6f79492e791f53a034610d4bca54400fd4b6c0f048c083653a97beaa340e3e9
SHA3 d9aa865cb973d6018e2a1ca246f595a1bc9d547d8208941f79a526cb75a594f4

4096

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2b4
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 7.62404
MD5 9151153ccc5d16b39168badeeef39d4f
SHA1 fd54e948f476f64c8882f5338134151aca48901a
SHA256 b212ea58c5cf011666fa39c57c97365045aa861d8900538ea9f13ecc75375949
SHA3 af6bc29fd82847fc50a6269b87d384f6724db6fafc090f253f47f09948e2ce80

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 4
MD5 9619526332200c8f4fa0b928a7faea03
SHA1 a2589a3e06007d8621afe9c761229fce3b5e625b
SHA256 987838ac836cc21983e0e36fd2d11909bf509f5fc3cc752caa883f078c6c4275
SHA3 8d187469988aa86cf59752eaf6e01c10fdf92b7ebe86205f01fe16a6e8594b5f

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x100
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 7.09299
MD5 bd1c032826435a078e65e97376d47256
SHA1 969dd9a0b2d03925532ad3ff53793d0f9a464b4f
SHA256 37d12d825ffe9824ac0245d6f49c0e7611c276cee52aedf461c100e8f281ce13
SHA3 1ca5cc8562622bcf3a60a89a310301d5396b9b2d2b97c4b16c4f3ebf10ae474f

MAINICON

Type RT_GROUP_ICON
Language Russian - Russia
Codepage UNKNOWN
Size 0x14
TimeDateStamp 2004-Mar-02 12:25:16
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!