Gridinsoft Logo
File Icon

ABLETON KEYGEN.exe Trojan Wacatac Analysis

Updated 9 months ago
Checked by Malaware Check
ABLETON KEYGEN.exe

Technical Analysis

File Name ABLETON KEYGEN.exe
File Type
PE32+ executable (console) x86-64, for MS Windows
Scanner Version 1.0.185.174
Database Version 2024-08-18 19:00:16 UTC

Ransom.Win64.Wacatac.sa

Malware family: Wacatac

Wacatac malware demonstrates multiple malicious capabilities including data theft, system compromise, and secondary payload deployment. It can download additional malware components including ransomware to extend attack impact.
N/A
Detection Rate
8,210,818
File Size (bytes)
2024-08-18
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
bef1e3ad5ab1f1db255af1a5e5851cdb
SHA1
1089364edc57f3c6b962c64ef59d4ad8ad34dc91
SHA256
98860ab48bdf40ae51bb4b3608a4fb2f1d37a6f9ed417805932deee2d85a67ee
SHA512
6875261cc05c66265cfb07bfa51ece40675e4b11090d28087b2ccbec53f3eaaaf26caabf8c8e1d61704b3c7a3e05ad664b2c8d2a396dc5b4599e435f74e2ff83
ImpHash
bae3d3e8262d7ce7e9ee69cc1b630d3a

PE Analysis

Basic Information

Icon
Hash: 4a8b201deb3283354ca9c79748c9f8c1
Fuzzy: c107f94b0e19ce4e1e8c0dbb5a37ad39
dHash: ccc29cccc4ccb2e8
Image Base 0x140000000
Entry Point 0x14000b680
Compilation Time 2023-12-07 19:03:09
Checksum 0x007e2fe7 (Actual: 0x007e2fe7)
OS Version 5.2
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 3 libraries
USER32, KERNEL32, ADVAPI32
Exports 0 functions
Resources 3 Resources
Sections 7 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 171,328 bytes 171,520 bytes 6.50 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E66F2F95928939DA653D981BE7E60B7D
.rdata 0x0002b000 76,034 bytes 76,288 bytes 5.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 67749395E1DEEDA3311BA36A166B509A
.data 0x0003e000 13,112 bytes 3,584 bytes 1.82 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 033E0B425E93447B2CE3C4EC77BDC191
.pdata 0x00042000 8,904 bytes 9,216 bytes 5.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F0ABC814F732E2131394598AB622B584
_RDATA 0x00045000 348 bytes 512 bytes 2.76 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7E231EB5CDBE4EC938E06160E612FF6B
.rsrc 0x00046000 5,812 bytes 6,144 bytes 5.91 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ C08D17FE20070AC3777E5D3CEB9CCF99
.reloc 0x00048000 1,884 bytes 2,048 bytes 5.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 50E469E3D07609E6FF26B5103D72E931
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 3 (5,577 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 4,264 bytes
76.5%
RT_GROUP_ICON 1 20 bytes
0.4%
RT_MANIFEST 1 1,293 bytes
23.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Ransom.Win64.Wacatac.sa Removal

Gridinsoft has the capability to identify and eliminate Ransom.Win64.Wacatac.sa without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware