Gridinsoft Logo
File Icon

ProduKey.exe Virtool Gen Analysis

Updated 1 year ago
Checked by Malware Check
ProduKey.exe

Technical Analysis

File Name ProduKey.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.178.174
Database Version 2024-06-06 08:01:07 UTC

Virtool.Win64.Gen.ns

Malware family: Gen

This is a generic detection identifier for files exhibiting Trojan horse characteristics. It indicates malware that disguises itself as legitimate software while containing malicious code designed to compromise system security or steal information.
N/A
Detection Rate
130,768
File Size (bytes)
2024-06-06
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
22cd6c6bcce535f98624e1e82b52c4b2
SHA1
257de45aa761b6b112d6f9078ac60f81c57dc1d0
SHA256
a7eb4df3caefecad0fe169ba191aa20f9dbca9e5ee1edfb115ea3c4359df8bbb
SHA512
acd52441effee4c35b7542c451cf91431cc56fe410c5764fd25f5413ba007de8ab912dd94fc80e0a64a85fb5d114e9dc49ba01223b4be3f3dc8f0cec350a960d
ImpHash
dfa1c89393579564a2863331b1dec285

PE Analysis

Basic Information

Icon
Hash: 7ef9b7a09b352e41238fce1f1c417096
Fuzzy: cfdcf09c47d4099479ecd6cc05160fc1
dHash: 44b2686938d8cc00
Image Base 0x140000000
Entry Point 0x140014830
Compilation Time 2018-02-01 06:21:22
Checksum 0x0002455d (Actual: 0x0002455d)
OS Version 4.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path c:\Projects\VS2005\ProduKey\x64\Release\ProduKey.pdb
Digital Signature OK
Imports 11 libraries
Exports 0 functions
Resources 32 Resources
Sections 5 Sections

Version Information

CompanyName NirSoft
FileDescription Shows Windows/Office product keys stored in the Registry
FileVersion 1.92
LegalCopyright Copyright © 2005 - 2018 Nir Sofer
ProductName ProduKey
ProductVersion 1.92
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 81,376 bytes 81,408 bytes 6.18 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4815D979DCBF87CC92677E77F51E5537
.rdata 0x00015000 16,460 bytes 16,896 bytes 5.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 55A0E79D6CA37982307F8C4737CF8C13
.data 0x0001a000 4,792 bytes 1,024 bytes 0.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 86929F732533307D9B9486E2883A4DF1
.pdata 0x0001c000 3,108 bytes 3,584 bytes 4.53 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0CDB7F45EFB0841E248A41B0A0817C3C
.rsrc 0x0001d000 14,824 bytes 14,848 bytes 4.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B99180ACBC2F8B55CABA6DCDD31B16C3

Resource Analysis

Total Resources: 32 (12,984 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 1 308 bytes
2.4%
RT_BITMAP 3 1,432 bytes
11%
RT_ICON 3 1,336 bytes
10.3%
RT_MENU 2 2,374 bytes
18.3%
RT_DIALOG 4 3,822 bytes
29.4%
RT_STRING 13 1,952 bytes
15%
RT_ACCELERATOR 1 112 bytes
0.9%
RT_GROUP_CURSOR 1 20 bytes
0.2%
RT_GROUP_ICON 2 54 bytes
0.4%
RT_VERSION 1 676 bytes
5.2%
RT_MANIFEST 1 898 bytes
6.9%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

Virtool.Win64.Gen.ns Removal

Gridinsoft has the capability to identify and eliminate Virtool.Win64.Gen.ns without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware