PUP.Keygen.HE

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Keygen.HE
Signature status:	No Signature

Known Samples

MD5: e35da12416c2365be2b012c7c45da98d

SHA1: f64bb8b33f7303e39db4bfe9817a9558b38dd66e

SHA256: 09D14B8FFC5600536E022D192AB05881D4C291DA775479548AE82D48C1E67F6F

File Size: 1.93 MB, 1931103 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

HighEntropy
No Version Info
x86

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\eut14\_instiz.cmd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\creadctmanuale.cmd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\creatuttoautomatico.cmd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\deviceid.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\estraimetakey.cmd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\guidaattivazione.pdf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\metti_qui_file_meta_della_mappa\soloper_creadct_o_estrai.metakey	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\progs\keygen6.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\progs\meta.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\progs\tt7_metacheck.exe	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\eut14\progs\tt8_keygen2.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\progs\tt8_mapcheck2.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\compact.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\cygwin1.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\extract.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\gzip.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\patchydg.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eut14\ttsystem_patcher\runme.bat	Generic Write,Read Attributes
c:\users\user\desktop\eut_149	Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\desktop\eut_149	Write Attributes
c:\users\user\desktop\eut_149\_instiz.cmd	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\_instiz.cmd	Write Attributes
c:\users\user\desktop\eut_149\creadctmanuale.cmd	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\creadctmanuale.cmd	Write Attributes
c:\users\user\desktop\eut_149\creatuttoautomatico.cmd	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\creatuttoautomatico.cmd	Write Attributes
c:\users\user\desktop\eut_149\deviceid.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\deviceid.txt	Write Attributes
c:\users\user\desktop\eut_149\estraimetakey.cmd	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\estraimetakey.cmd	Write Attributes
c:\users\user\desktop\eut_149\guidaattivazione.pdf	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\guidaattivazione.pdf	Write Attributes
c:\users\user\desktop\eut_149\metti_qui_file_meta_della_mappa	Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\desktop\eut_149\metti_qui_file_meta_della_mappa	Write Attributes
c:\users\user\desktop\eut_149\metti_qui_file_meta_della_mappa\soloper_creadct_o_estrai.metakey	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\metti_qui_file_meta_della_mappa\soloper_creadct_o_estrai.metakey	Write Attributes
c:\users\user\desktop\eut_149\progs	Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs	Write Attributes
c:\users\user\desktop\eut_149\progs\keygen6.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs\keygen6.exe	Write Attributes
c:\users\user\desktop\eut_149\progs\meta.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs\meta.txt	Write Attributes
c:\users\user\desktop\eut_149\progs\tt7_metacheck.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs\tt7_metacheck.exe	Write Attributes
c:\users\user\desktop\eut_149\progs\tt8_keygen2.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs\tt8_keygen2.exe	Write Attributes
c:\users\user\desktop\eut_149\progs\tt8_mapcheck2.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\progs\tt8_mapcheck2.exe	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher	Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\compact.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\compact.exe	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\cygwin1.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\cygwin1.dll	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\extract.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\extract.exe	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\gzip.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\gzip.exe	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\patchydg.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\patchydg.exe	Write Attributes
c:\users\user\desktop\eut_149\ttsystem_patcher\runme.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\desktop\eut_149\ttsystem_patcher\runme.bat	Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䫡巔ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	㵙ȁ獖}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	CreateProcess ShellExecute WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort Show More ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile UNKNOWN
Anti Debug	IsDebuggerPresent
User Data Access	GetUserObjectInformation
Process Terminate	TerminateProcess

Shell Command Execution


							open C:\Users\Mzxhtshc\AppData\Local\Temp\EUT14\_instIZ.cmd


							C:\WINDOWS\system32\xcopy.exe xcopy  .  "C:\Users\Mzxhtshc\Desktop\EUT_149\" /e /i /q /h /r /y


							WriteConsole: 18 File(s) copie


							WriteConsole: The process cann


							WriteConsole: The batch file c

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Keygen.HE

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Scrutchother.club

System Antivirus Microsoft 2011

Trojan.MSIL.Krypt.ABQHB

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen