PUA:Win32/Keygen
First posted on 15 February 2019.
Source: Microsoft
Aliases:
PUA:Win32/Keygen is also known as not-a-virus:RiskTool.Win32.Patcher.dk, RDN/Generic PUP.z, a variant of Win32/HackTool.Patcher.AD potentially unsafe ap, Troj/Agent-WFN, HKTL_PATCH, Malware.UDM!4998, Gen:Trojan.Heur.FU.CuW@auufXUl, Trojan.Malcol.
Explanation:
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
download802.fshare.vn
download803.fshare.vn
zima9h.storage.yandex.net
download014.fshare.vn
download009.fshare.vn
We have seen this application use the following file names:
vegas.pro.13.0.(64-bit)-patch.exe Patch.exe Crack07.29N.exe Sony Vegas Proexe patch.exe keygen.exe adobe.photoshop.cc-patch-painter.exe adobe.photoshop.cs6.beta-patch.exe nero.15.platinum.build.16.0.02900-patch.exe
It can be digitally signed by the following vendors:
Fullstuff.net Sokaris Oprogramowanie ADMIN@CRACK softxxoo AoRE Team
We have seen this application using product names such as:
Activator ProMod CODEX Language Changer TeamViewer v8.0.16642 Patch Trainer
This application communicates with domains such as:
www.statswhore.net
www.eu-comm.de
player4player.de
bok.sokaris.com.pl
www.update.sapio.pl
For example:
www.statswhore.net/promod/language/languages.txt
www.statswhore.net/promod/language/German.xml
www.statswhore.net/promod/0.9.15.0.1/promod.zip
Payload
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
Activation Windows 10 Office Audacity 2.1.0 Baidu Browser CPUID CPU-Z MSI 1.76 Call of Duty GamersFirst LIVE! Kevin TV Online 2.3 LG Mobile Driver LG On-Screen Phone
This description was published using automated analysis.
Last update 15 February 2019