File name: | keygen.exe |
Full analysis: | https://app.any.run/tasks/d64dbd38-64a5-4d13-8ca2-b503df9ffb27 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 01:19:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5: | 9CCF3D76DE2D848E01981B3D8153BC65 |
SHA1: | E635262DECE716924686D2E58578E14326F40359 |
SHA256: | CD5FED24E45FFA986B56784E494559C37162966AB6608BA745ACB83B8CF1E4AD |
SSDEEP: | 24576:8M6H7/V8s6tmsFXqU9/K9BkIDgA3wal1:8M4/Ss6JFJSX53l |
.exe | | | UPX compressed Win32 Executable (71.8) |
---|---|---|
.exe | | | Win32 Executable (generic) (11.9) |
.exe | | | Win16/32 Executable Delphi generic (5.5) |
.exe | | | Generic Win/DOS Executable (5.3) |
.exe | | | DOS Executable Generic (5.3) |
ProductName: | EaseUS_DRW |
---|---|
FileDescription: | EaseUS_DRW |
ProgramID: | com.embarcadero.EaseUS_DRW |
ProductVersion: | 1.0.0.0 |
FileVersion: | 2.0.0.0 |
CharacterSet: | Windows, Latin1 |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.0.0.0 |
FileVersionNumber: | 2.0.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | - |
OSVersion: | 5 |
EntryPoint: | 0x35e610 |
UninitializedDataSize: | 2887680 |
InitializedDataSize: | 569344 |
CodeSize: | 643072 |
LinkerVersion: | 2.25 |
PEType: | PE32 |
TimeStamp: | 2018:12:22 14:25:01+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 22-Dec-2018 13:25:01 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0050 |
Pages in file: | 0x0002 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x000F |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x001A |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000100 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 22-Dec-2018 13:25:01 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x002C1000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
UPX1 | 0x002C2000 | 0x0009D000 | 0x0009CA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.92651 |
.rsrc | 0x0035F000 | 0x0008B000 | 0x0008AE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.55151 |
KERNEL32.DLL |
advapi32.dll |
comctl32.dll |
gdi32.dll |
netapi32.dll |
ole32.dll |
oleaut32.dll |
shell32.dll |
user32.dll |
version.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2592 | "C:\Users\admin\AppData\Local\Temp\keygen.exe" | C:\Users\admin\AppData\Local\Temp\keygen.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: EaseUS_DRW Version: 2.0.0.0 |