PUP.Keygen.RDA
Analysis Report
General information
| Family Name: | PUP.Keygen.RDA |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
File Traits
- No Version Info
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 9 |
|---|---|
| Potentially Malicious Blocks: | 7 |
| Whitelisted Blocks: | 2 |
| Unknown Blocks: | 0 |
Visual Map
x x 0 x x x x x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Keygen.RDA
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system.
| Key::Value | Data | API Name |
|---|---|---|
| HKCU\software\ams software\calendar::type_s | ok:{Calk|||dd7ed1a0eed5af8043c9} | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_e | sairuwkdzue@gmail.com | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_k | 3HXJWJ6GQ9Wabcdef | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_v | 18.12.2023 | RegNtPreCreateKey |
| HKCU\software\ams software\fotoshowpro::type_s | ok:{Calk|||9833398a0a0a383321ae} | RegNtPreCreateKey |
| HKCU\software\ams software\fotoshowpro::type_e | xaiuetsxplj@gmail.com | RegNtPreCreateKey |
| HKCU\software\ams software\fotoshowpro::type_k | 3AE26RNY1YAabcdef | RegNtPreCreateKey |
| HKCU\software\ams software\fotoshowpro::type_v | 16.02.2022 | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_s | ok:{Calk|||866c0fc5d55775f39897} | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_e | quoxzqachnc@gmail.com | RegNtPreCreateKey |
| HKCU\software\ams software\calendar::type_v | 22.12.2022 | RegNtPreCreateKey |
| HKCU\software\ams software\homedesign::type_s | ok:{Calk|||c693e87369cfc5c82d8b} | RegNtPreCreateKey |
| HKCU\software\ams software\homedesign::type_e | upbgdfwuevm@gmail.com | RegNtPreCreateKey |
| HKCU\software\ams software\homedesign::type_k | 37Z5K3G5DXTabcdef | RegNtPreCreateKey |
| HKCU\software\ams software\homedesign::type_v | 07.07.2025 | RegNtPreCreateKey |
| HKCU\software\ams software\photomaster::type_s | ok:{Calk|||b8d15f5263b8cba1f4c7} | RegNtPreCreateKey |
| HKCU\software\ams software\photomaster::type_e | hydtmgjhqby@gmail.com | RegNtPreCreateKey |
| HKCU\software\ams software\photomaster::type_k | 3AF1WDBPMARabcdef | RegNtPreCreateKey |
| HKCU\software\ams software\photomaster::type_v | 26.10.2025 | RegNtPreCreateKey |