File name:

Keygen_PCTrans.exe

Full analysis: https://app.any.run/tasks/1a2e3191-542a-47c0-a1c5-00eb04cfb7f2
Verdict: Suspicious activity
Analysis date: October 03, 2022, 17:39:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

40B8AE373AA61F06F3A5EB36F9B38096

SHA1:

C60348AE001455AC84DEB1F8C71624C5327C74B2

SHA256:

F8F03EB41C0B00AA6131804A787A6CC7A2A75C26539B5859F551DDE077F8FC06

SSDEEP:

24576:ftAI+w2xVzggCGRsBX7yKXWC/IbSOCXxPdatpVxK0vW5O3Vc:FR2xVz5RsBX+KqbSOWdqZK0vVVc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads the computer name

      • Keygen_PCTrans.exe (PID: 3880)

    • Checks supported languages

      • Keygen_PCTrans.exe (PID: 3880)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | DOS Executable Generic (100)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2020-Aug-24 13:15:55
Detected languages:
  • English - United States
FileVersion: 2.0.0.0
ProductVersion: 1.0.0.0
ProgramID: com.embarcadero.EaseUS_TodoPCTrans
FileDescription: EaseUS_TodoPCTrans
ProductName: EaseUS_TodoPCTrans

DOS Header

e_magic: MZ
e_cblp: 58881
e_cp: 13427
e_crlc: 52048
e_cparhdr: 42488
e_minalloc: 51251
e_maxalloc: 59341
e_ss: 32386
e_sp: 8644
e_csum: 41674
e_ip: 30321
e_cs: 26762
e_ovno: 43163
e_oemid: 27780
e_oeminfo: 2580
e_lfanew: 256

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 5
TimeDateStamp: 2020-Aug-24 13:15:55
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.tls
4096
2961408
0
IMAGE_SCN_MEM_READ
.data
2965504
4096
512
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.90622
.rsrc
2969600
149660
116940
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
7.59055
.didata
3121152
4096
512
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0.328119
.tls (#2)
3125248
98304
96608
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
7.99738

Resources

Title
Entropy
Size
Codepage
Language
Type
1
7.23316
308
UNKNOWN
English - United States
RT_CURSOR
2
7.33506
308
UNKNOWN
English - United States
RT_CURSOR
3
7.27298
308
UNKNOWN
English - United States
RT_CURSOR
4
7.21879
308
UNKNOWN
English - United States
RT_CURSOR
5
7.35017
308
UNKNOWN
English - United States
RT_CURSOR
6
7.29973
308
UNKNOWN
English - United States
RT_CURSOR
7
7.28842
308
UNKNOWN
English - United States
RT_CURSOR
8
5.5419
4264
UNKNOWN
English - United States
RT_ICON
9
5.44407
9640
UNKNOWN
English - United States
RT_ICON
10
7.96619
31098
UNKNOWN
English - United States
RT_ICON

Imports

advapi32.dll
comctl32.dll
kernel32.dll
user32.dll
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start keygen_pctrans.exe no specs keygen_pctrans.exe

Process information

PID
CMD
Path
Indicators
Parent process
2200"C:\Users\admin\AppData\Local\Temp\Keygen_PCTrans.exe" C:\Users\admin\AppData\Local\Temp\Keygen_PCTrans.exeExplorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
EaseUS_TodoPCTrans
Exit code:
3221226540
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\keygen_pctrans.exe
c:\windows\system32\ntdll.dll
3880"C:\Users\admin\AppData\Local\Temp\Keygen_PCTrans.exe" C:\Users\admin\AppData\Local\Temp\Keygen_PCTrans.exe
Explorer.EXE
User:
admin
Integrity Level:
HIGH
Description:
EaseUS_TodoPCTrans
Version:
2.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\keygen_pctrans.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
339
Read events
339
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Keygen_PCTrans.exe