PUP.Keygen.I
Analysis Report
General information
| Family Name: | PUP.Keygen.I |
|---|---|
| Packers: | UPX |
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | Microsoft |
| File Version | 1.00 |
| Internal Name | Win |
| Original Filename | Win.exe |
| Product Name | Win |
| Product Version | 1.00 |
File Traits
- .UPX
- 2+ executable sections
- HighEntropy
- No Version Info
- packed
- upx
- UPX!
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 408 |
|---|---|
| Potentially Malicious Blocks: | 49 |
| Whitelisted Blocks: | 359 |
| Unknown Blocks: | 0 |
Visual Map
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |