PUP.Keygen.VAA

Analysis Report

General information

Family Name: PUP.Keygen.VAA
Packers: UPX
Signature status: Hash Mismatch

Known Samples

Sample 1
MD5: 6475ba350ea3e0448a1086aba260a86c
SHA1: fba99395468c8466ed059a5a9bd7b134e13359a1
SHA256: 9014113EEC093249A0F39FC955F32398C4A77D3FA82A7B478004DD57DBE6AF6E
File Size: 798.21 KB, 798208 bytes

Sample 2
MD5: 169af4324af8d7a88a16b855342a576e
SHA1: df17b676e4d412d91ce8d910f2f92206867db68d
SHA256: C5A590720AF1799ADBB807F947F4ADB275A9C6DC071386FEDD3156F4EE75BF08
File Size: 235.52 KB, 235520 bytes

Sample 3
MD5: ab4afa929628e61eb9aee6fb9bccd0d9
SHA1: d9a73b4960773b827c825c59540804ed830a3e91
SHA256: 69B591193D6EC73C45E7B1806BC2F98AC06832070F2553457B811E979D90009C
File Size: 217.42 KB, 217424 bytes

Sample 4
MD5: 92076a4cc51181fa35ba90b5a2d31148
SHA1: fb23d99a18e26b8e73cbb27f328ded2b136e05ac
SHA256: 0EF1F44DEF48551056207C94AC9FCC2E6BCA9F22D3E60D96BA1F8BEA2E19741E
File Size: 1.04 MB, 1038848 bytes

Sample 5
MD5: d3c3dbe155f6e162773fa28045e046e4
SHA1: 8589dde373f472990c5eb0883b1946559a76f791
SHA256: 306753E4DF9F1192E71812781B03F35B9B4D23B234894A91212BE553544D543E
File Size: 366.14 KB, 366136 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name
  • OnLyOnE Inc.
  • Synaptics
File Description
  • Activator for StartIsBack++ fuck the brains
  • Synaptics Pointing Device Driver
File Version
  • 1.00
  • 1.0.0.4
  • 1.0.0.0
Internal Name
  • Activator
  • TJprojMain
Legal Copyright
  • Copyright (C) 2001-2015, OnLyOnE
Original Filename
  • Activator.exe
  • TJprojMain.exe
Product Name
  • Activator for StartIsBack
  • Project1
  • Synaptics Pointing Device Driver
Product Version
  • 1.00
  • 1.0.0.0

Digital Signatures

Signer: Stanislav Zinukhov
Root: Research Root CA
Status: Hash Mismatch

File Traits

  • 2+ executable sections
  • dll
  • HighEntropy
  • No Version Info
  • ntdll
  • packed
  • PECompact v2.20
  • UPack (Generic)
  • UPack 0.39
  • x86

Block Information

Total Blocks: 63
Potentially Malicious Blocks: 42
Whitelisted Blocks: 9
Unknown Blocks: 12

Visual Map

x x ? ? ? ? x x x x ? ? x x 2 0 x 0 1 1 0 ? x 0 0 ? ? ? ? ? x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Cert Store Read
  • CertOpenStore
Cert Store Write
  • CertAddCertificateContextToStore
