Gridinsoft Logo
File Icon

Keygen_For_Fake_2021_11_by_ReverseCodez.exe Trojan CoinMiner Analysis

Technical Analysis

File Name Keygen_For_Fake_2021_11_by_ReverseCodez.exe
File Type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Scanner Version 1.0.212.174
Database Version 2025-04-07 14:00:48 UTC

Trojan.Win32.CoinMiner.ns

Malware family: CoinMiner

CoinMiner malware utilizes system resources including CPU and RAM for unauthorized cryptocurrency mining. It establishes persistence through startup integration and may use resource management techniques to avoid detection while mining currencies like Monero or Zcash.
N/A
Detection Rate
159,232
File Size (bytes)
2025-04-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
6da69b8791c12096042659efcca980c5
SHA1
f0612c041b348a9c36af965257549e588eb8e319
SHA256
27faca387d9a8e5c7e43366b3eb4e0e108c9bc1bbfade960a7a41eb134f0eae0
SHA512
bd752b04820e4aa862fb4fc9dcd1d2a6571eaf326f043d88544cd0fba953c8ee297be067a0a4c261847efd35896bc5f8b92c0612539f4ec3c5ccd53c2f3b58ff
ImpHash
f34d5f2d4577ed6d9ceec516c1f5a744

PE Analysis

Basic Information

Icon
Hash: 97d50cf5e83327b5ad43227830bd48f9
Fuzzy: 6c49fad5477be665e46394a07ad7e0bf
dHash: 704dccd4e4e8f0d0
Image Base 0x00400000
Entry Point 0x0042c00a
Compilation Time 2023-02-04 19:09:24
Checksum 0x00000000 (Actual: 0x00027aee)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 1 libraries
mscoree
Exports 0 functions
Resources 7 Resources
Sections 5 Sections

Version Information

Translation 0x0000 0x04b0
Comments
CompanyName
FileDescription Keygen
FileVersion 1.0.0.0
InternalName Keygen2020.exe
LegalCopyright Copyright © 2021
LegalTrademarks
OriginalFilename Keygen2020.exe
ProductName Keygen
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
e^JyB5 ] 0x00002000 82,688 bytes 82,944 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1946F7FDFA4B736FA222126F2A7CCAE0
.text 0x00018000 48,076 bytes 48,128 bytes 5.22 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 89C073F6F8030D39CCCBC5D7BCB1AD98
.rsrc 0x00024000 25,766 bytes 26,112 bytes 4.14 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B08970D19F57E9BA3E2026B2BAB9CC95
0x0002c000 16 bytes 512 bytes 0.14 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6F55453EFDE4923A1B69CEF6BF806365
.reloc 0x0002e000 12 bytes 512 bytes 0.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 99CD0CB485D94D155A53D4DD92C3C62F
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 7 (25,316 bytes)
Resource Type Count Total Size Percentage
RT_ICON 4 23,968 bytes
94.7%
RT_GROUP_ICON 1 62 bytes
0.2%
RT_VERSION 1 796 bytes
3.1%
RT_MANIFEST 1 490 bytes
1.9%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Win32.CoinMiner.ns Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.CoinMiner.ns without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware