Summary | ZeroBOX

keygen.exe

Malicious Packer UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Oct. 16, 2024, 1:37 p.m.
Completed Oct. 16, 2024, 1:40 p.m.
Size 54.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 3bd08acd4079d75290eb1fb0c34ff700
SHA256 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8
CRC32 567E703A
ssdeep 768:PnnRvIebZmzgaCbKvyyEhI1lA8y2RsYAExUnzVBN5Rt4v94MtCZoSW:/nRAG6DvyyE+1lZy2RhAmUnty6MtTSW
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x733c2000
process_handle: 0xffffffff
1 0 0
section UPX1 (virtual_address 0x0001d000, virtual_size 0x0000b000, size_of_data 0x0000ae00) entropy 7.886096569178283 description A section with a high entropy has been found
entropy 0.820754716981 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Keygen.4!c
Skyhigh Generic Malware.ch!ats
Cylance Unsafe
Sangfor Trojan.Win32.Keygen.Vopt
CrowdStrike win/grayware_confidence_100% (W)
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
VirIT Trojan.Win32.Generic.LAG
Symantec PUA.Keygen
Elastic malicious (moderate confidence)
ESET-NOD32 Win32/Keygen.IH potentially unsafe
SUPERAntiSpyware Hack.Tool/Gen-Keygen
McAfeeD ti!4D3D060D8EC7
CTX exe.trojan.keygen
Sophos Keygen (PUA)
Ikarus not-a-virus:Keygen.Acronis
Jiangmin Worm.Viking.py
Webroot W32.Hack.Tool
Google Detected
Antiy-AVL RiskWare/Win32.KeyGen
Gridinsoft PUP.Win32.Presenoker.oa
Xcitium Malware@#30poc4x7fwuf9
Microsoft HackTool:Win32/Keygen!pz
GData Win32.Application.Keygen.B
Varist W32/Keygen.Y.gen!Eldorado
AhnLab-V3 Unwanted/Win32.Keygen.R23827
McAfee Generic Malware.ch!ats
DeepInstinct MALICIOUS
Malwarebytes Keygen.CrackTool.RiskWare.DDS
MaxSecure Trojan.Malware.2588.susgen
Fortinet W32/Shifu.AEZ!tr
Paloalto generic.ml