The Line6_KeyGen.exe (HelixNative KeyGen) File Analysis

Technical Analysis

File Name Line6_KeyGen.exe
File Type Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
3072:k7duTuceyaasrHPY2Nb63d4HEkSljEp2rbc2AjtKu:sceNTvY2N+SHErljgZ
Scanner Version 1.0.169.174
Database Version 2024-03-16 14:00:20 UTC

Suspicious File Detected

Detected by 5 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 7%
File Size (bytes) 162,200
Engines Detected 5/73
Analysis Date 2024-03-16

File Identification

Hash Type Value
MD5
ab8cc9d9ffb056fe8ca922758fa27750
SHA1
e765d33de8a69b6bc6f8aa8ab33ca1c777e6aaa0
SHA256
de7b1712c275686ef014a617d3e7b8eb5343c24a84f2f861628fecc43d9a04e8
SHA512
3848ae370bb37209f243c549df4555c30f2722d6e21d2a5de478ff1b89e9350ae33c28eae4ed99d1122343c40fca0697748f310364755600228381b0d0751c93
ImpHash
9ad1c31d6ba45b3f8635c166442d7952

Security Engines with Detections (5 of 73)

Engine Detection Verdict
Bkav W64.AIDetectMalware Malicious
Webroot W32.Hack.Tool Malicious
Antiy-AVL GrayWare[AdWare]/Win32.KeyGen Malicious
Microsoft PUA:Win32/Keygen Malicious
MaxSecure Trojan.Malware.108905947.susgen Malicious
68 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 7cd1237930ec5eca765adf3b5490479b
Fuzzy: c0548aa7874d75386a1e0a24faaf6374
dHash: 71e8f0f0aacc6882
Image Base 0x140000000
Entry Point 0x140002208
Compilation Time 2022-11-24 10:45:38
Checksum 0x00030b58 (Actual: 0x00030b58)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature Chain verification from CN=R2R, O=R2R, C=JP (serial:-124693743733297935284415478778265267506, sha1:004d47889e493832b4fe1db48e95ba7c0dcaa83a) failed: Unable to build a validation path for the certificate "Common Name: R2R, Organization: R2R, Country: JP" - no issuer matching "Common Name: R2RCA" was found
Imports 7 libraries
KERNEL32, USER32, ADVAPI32, SHELL32, ole32, OLEAUT32, imagehlp
Exports 0 functions
Resources 5 Resources
Sections 6 Sections

Version Information

CompanyName TEAM R2R
FileDescription HelixNative KeyGen
FileVersion 4.1.0.1
InternalName HelixNative_KeyGen.exe
LegalCopyright Copyright (C) 2022
OriginalFilename HelixNative_KeyGen.exe
ProductName HelixNative KeyGen
ProductVersion 4.1.0.1
Translation 0x0400 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 93,246 bytes 93,696 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 81826A2B6F01CB838064C688CB953FA8
.rdata 0x00018000 49,330 bytes 49,664 bytes 4.93 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0524D99B0398DF47EC572083F3528103
.data 0x00025000 7,424 bytes 3,072 bytes 2.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9E85D788C5653E05B4F29270B8DF341D
.pdata 0x00027000 5,328 bytes 5,632 bytes 4.96 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1252BFCC9302677CCF4402EEC725FAC5
_RDATA 0x00029000 348 bytes 512 bytes 2.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0CA84FFF7A617E0CB641C4443BCC0E0D
.rsrc 0x0002a000 6,936 bytes 7,168 bytes 4.81 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4044C854F84609FDAD18B37EE70E853E
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 5 (6,575 bytes)
Resource Type Count Total Size Percentage
RT_ICON 2 5,392 bytes 82%
RT_GROUP_ICON 1 34 bytes 0.5%
RT_VERSION 1 768 bytes 11.7%
RT_MANIFEST 1 381 bytes 5.8%

Certificate Chain Analysis

Certificate Information
Product HelixNative KeyGen
Description HelixNative KeyGen
File Version 4.1.0.1
Original Name HelixNative_KeyGen.exe
Verification Status A certificate chain could not be built to a trusted root authority.
Internal Name HelixNative_KeyGen.exe
Copyright Copyright (C) 2022

This file carries a digital signature, but the certificate chain could not be verified.

  • A signature attests to file integrity and publisher authenticity only when its chain validates to a trusted root
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=R2R, O=R2R, C=JP (serial:-124693743733297935284415478778265267506, sha1:004d47889e493832b4fe1db48e95ba7c0dcaa83a) failed: Unable to build a validation path for the certificate "Common Name: R2R, Organization: R2R, Country: JP" - no issuer matching "Common Name: R2RCA" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Proactive Protection
5 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.
