SHA256: 11791655863320a61e687444c00f67d92a4928da37552a8a1c14fe6d07e7de0f
File name: ProduKey.exe
Detection ratio: 25 / 67
Analysis date: 2018-10-13 16:27:03 UTC ( 1 week, 2 days ago )
Antivirus Result Update
Antiy-AVL RiskWare[PSWTool]/Win32.ProductKey 20181013
Avira (no cloud) SPR/Tool.ProdKey.1 20181013
CMC Generic.Win32.46aa38c995!CMCRadar 20181013
Cylance Unsafe 20181013
Cyren W32/Risk.WANJ-2094 20181013
DrWeb Tool.PassSteel.959 20181013
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/PSWTool.ProductKey potentially unsafe 20181013
F-Prot W32/MalwareS.BKHD 20181013
Fortinet Riskware/ProductKey 20181013
GData Win32.Application.Agent.BS0RJ2 20181013
K7AntiVirus Hacktool ( 004a50aa1 ) 20181013
K7GW Hacktool ( 004a50aa1 ) 20181013
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20181013
Malwarebytes PUP.Optional.ProductKeyFinder 20181013
MAX malware (ai score=97) 20181013
McAfee Tool-ProduKey 20181013
McAfee-GW-Edition Tool-ProduKey 20181013
NANO-Antivirus Riskware.Win32.ProductKey.iljle 20181013
Sophos AV NirSoft ProduKey (PUA) 20181013
TheHacker Posible_Worm32 20181011
VIPRE Nirsoft Password Recovery (not malicious) None
ViRobot PSWTool.ProductKey.35328.A 20181013
Webroot Hacktool:Nirsoftpassview 20181013
Zillya Tool.ProductKey.Win32.25 20181012
Ad-Aware 20181013
AegisLab 20181013
AhnLab-V3 20181013
Alibaba 20180921
ALYac 20181013
Arcabit 20181013
Avast 20181013
Avast-Mobile 20181013
AVG 20181013
Babable 20180918
Baidu 20181012
BitDefender 20181013
Bkav 20181013
CAT-QuickHeal 20181013
ClamAV 20181013
Comodo 20181013
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
eGambit 20181013
Emsisoft 20181013
F-Secure 20181013
Ikarus 20181013
Sophos ML 20180717
Jiangmin 20181013
Kaspersky 20181013
Microsoft 20181013
eScan 20181013
Palo Alto Networks (Known Signatures) 20181013
Panda 20181013
Qihoo-360 20181013
Rising 20181012
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181013
Symantec 20181012
Symantec Mobile Insight 20181001
TACHYON 20181013
Tencent 20181013
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181013
VBA32 20181012
Yandex 20181012
ZoneAlarm by Check Point 20181013
Zoner 20181012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005 - 2008 Nir Sofer
Product ProduKey
Original name ProduKey.exe
Internal name ProduKey
File version 1.35
Description ProduKey
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-18 10:08:36
Entry Point 0x00014EE0
Number of sections 3
PE sections
PE imports
RegCloseKey
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetOpenEnumA
SHGetMalloc
gethostbyname
FindTextA
CoInitialize
Number of PE resources by type
RT_STRING 10
RT_DIALOG 4
RT_ICON 3
RT_BITMAP 3
RT_MENU 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 17
HEBREW DEFAULT 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 0.0
ProductName ProduKey
FileVersionNumber 1.3.5.0
UninitializedDataSize 53248
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName ProduKey.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.35
TimeStamp 2008:11:18 11:08:36+01:00
FileType Win32 EXE
PEType PE32
InternalName ProduKey
ProductVersion 1.35
FileDescription ProduKey
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2005 - 2008 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 32768
FileSubtype 0
ProductVersionNumber 1.3.5.0
EntryPoint 0x14ee0
ObjectFileType Executable application

File identification
MD5 46aa38c995bd7ceda75d48df6e7aa935
SHA1 e7c9e4dfb58b609f1138c704ae7cf0e89e9ebe25
SHA256 11791655863320a61e687444c00f67d92a4928da37552a8a1c14fe6d07e7de0f
ssdeep 768:jiRsPZ/lE355Fv1sHDeljcuy4i2HZPhL/Dl46jc2D5l:jUsB+LmiA2Hb/Hokl
authentihash 2951d0d8c2c283e58c89831e9442897a4cc25eb5f4469a689ad76eca26e953b9
imphash 231f4ee798a8ec95079cd0b91a628974
File size 34.5 KB ( 35328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe

VirusTotal metadata
First submission 2008-11-18 23:15:12 UTC ( 9 years, 11 months ago )
Last submission 2018-10-13 16:27:03 UTC ( 1 week, 2 days ago )
File names 6e9fb9939f3adf6e10851c03cdf5ce41_ProduKey.exe.safe
ed3482c5000d62178a18000f22ca630058486722.exe
ProduKey
file-3164449_exe
ProduKey.exe
e7c9e4dfb58b609f1138c704ae7cf0e89e9ebe25
smona132022297965515401166
46aa38c995bd7ceda75d48df6e7aa935
avz00002.dta
produkey.exe
_VIRUS_ProduKey.exe
46aa38c995bd7ceda75d48df6e7aa935.exe
E7C9E4DFB58B609F1138C704AE7CF0E89E9EBE25.exe
avz00001.dta
Cloner32Virus (6).exe
01. ProduKey.exe
filename
0
smona132205443149935959667
sample.exe
ProduKey.
ed3482c5000d62178a18000f22ca630058486722.EXE
PRODUKEY.EXE
PSWTool.Win32.ProductKey.exe
file-11497_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight