Concrete signature match: Hack Tool - Tool used to exploit vulnerabilities for 32-bit Windows platform, family Keygen
This detection targets a key generator (keygen), classified as a HackTool. Keygens are utilized to illicitly generate license keys for commercial software, bypassing legitimate activation. Their presence indicates potential software piracy and carries a risk of being bundled with other malicious payloads.
Relevant strings associated with this threat:
- Cracker Game. (PEHSTR)
- XXX Virtual Sex. (PEHSTR)
- Credit Card. (PEHSTR)
- Hacker. (PEHSTR)
- Norton Keygen. (PEHSTR)
- Hotmail Hack. (PEHSTR)
- ICQ Hack. (PEHSTR)
- porn. (PEHSTR)
- crack. (PEHSTR)
- \Kazza (PEHSTR)
- \Morpheus (PEHSTR)
- \Grokster (PEHSTR)
- \Bearshare (PEHSTR)
- \Gnucleus (PEHSTR)
- \Edonkey2000\Incoming (PEHSTR)
- Keygen by PARADOX (PEHSTR)
- Stop/Play Music (PEHSTR)
- www.dayanzai.me (PEHSTR)
- Corel Products Keygen (PEHSTR)
- Software\ASProtect\Key (PEHSTR)
- aspr_keys.ini (PEHSTR)
- FastTracker v2.00 (PEHSTR)
- ghidorah@musician.org (PEHSTR)
- http://www.CollakeSoftware.com (PEHSTR)
- Code and Keygen (PEHSTR_EXT)
- GFX: kR8ViTy/CRO (PEHSTR_EXT)
- com.embarcadero.EaseUS_DRW (PEHSTR_EXT)
- EaseUS_DRW.exe (PEHSTR_EXT)
- Corel Products Keygen (PEHSTR_EXT)
- Keygen (PEHSTR_EXT)
- \Corel\StubFramework\VSP (PEHSTR_EXT)
- NCH Software Keygen (PEHSTR_EXT)
- Keygen.exe (PEHSTR_EXT)
- secure.nch.com.au (PEHSTR_EXT)
- www.nchsoftware.com (PEHSTR_EXT)
- 6Dis iz ToTo V.1 ... Dont worry ! Everything is Okey...2 (PEHSTR)
- C:\WINDOWS\SYSTEM32\autoexec.nt2 (PEHSTR)
- 0@COPY C:\WINDOWS\svhost.bak C:\WINDOWS\Adobe.exe (PEHSTR)
- MSN_Hacker_v3.exe (PEHSTR)
- Windows_Vista_Activation.exe (PEHSTR)
- Windows_Vista_Crack.exe (PEHSTR)
- Nero_7_Keygen.exe (PEHSTR)
- Yahoo_Hacker_V2.exe (PEHSTR)
- NAV_2006_Keygen.exe (PEHSTR)
- Office_2007_Crack.exe (PEHSTR)
- Visual_Studio_2005_Crack.exe (PEHSTR)
- Hotmail_Hack_V1.exe (PEHSTR)
- C:\Program Files\eMule\Incoming\ (PEHSTR)
- !C:\Program Files\Kazaa\My Shared\ (PEHSTR)
- /C:\Program Files\StreamCast\Morpheus\My Shared\ (PEHSTR)
- %s\%s\calc.cfg (PEHSTR_EXT)
- %s\%s\calc.exe (PEHSTR_EXT)
- %s - NoCD Crack KeyGen.exe (PEHSTR_EXT)
- %s Crack Patch Serial Keygen.exe (PEHSTR_EXT)
- %s + CRACK + NOCD.exe (PEHSTR_EXT)
- %s + CRACK + ACTIVATOR.EXE (PEHSTR_EXT)
- %s keygen crack patch.exe (PEHSTR_EXT)
- %s_crack_keygen.exe (PEHSTR_EXT)
- root\CIMV2 (PEHSTR_EXT)
- norwich.net (PEHSTR_EXT)
- BKT/BRD (PEHSTR_EXT)
- KMS Keygen (PEHSTR)
- Office 2010 Toolkit.pdb (PEHSTR)
- password stealer.exe (PEHSTR)
- Kama Sutra Tetris.exe (PEHSTR)
- XXX Porn Passwords.exe (PEHSTR)
- cute girl giving head.exe (PEHSTR)
- Counter Strike CD Keygen.exe (PEHSTR)
- play station emulator crack.exe (PEHSTR)
- Keygen (PEHSTR)
- KeygenLayer (PEHSTR)
- RIPPGrazey / PHF (PEHSTR)
- CONVGrazey / PHF (PEHSTR)
- keygenned by ice/BRD (PEHSTR_EXT)
- - Keygen by BRD (PEHSTR_EXT)
- rarreg.key (PEHSTR_EXT)
- keygen (PEHSTR_EXT)
- kentpw@norwich.net (PEHSTR_EXT)
- keygen.exe (PEHSTR)
- eygen.exe (PEHSTR)
- R2RS1KG2.dll (PEHSTR)
- BASSMOD.dll (PEHSTR)
- bgm.xm (PEHSTR)
- StudioOne KeyGen (PEHSTR)
- hsp3debug.dll (PEHSTR)
- Ableton 10 KeyGen (PEHSTR)
- Traktor Pro 3 KeyGen (PEHSTR)
- Native Instruments KeyGen (PEHSTR)
- \nero8x\Release\keygen.pdb (PEHSTR)
- get_DP_Keygen (PEHSTR_EXT)
- keygen (PEHSTR)
- http://www.cobans.net (PEHSTR)
- -|| Keygen by AXiS^FiGHTiNG FOR FUN (PEHSTR_EXT)
- HSKeygen (PEHSTR_EXT)
- High-Society Keygen (PEHSTR_EXT)
- 5/A^wH (SNID)
- 2@v[.& (SNID)
- .N|zT (SNID)
- x.|(C) (SNID)
- `Q\%@] (SNID)
- #1[7/ (SNID)
- keygen.dll (PEHSTR)
- activate.adobe.com (PEHSTR)
- keygen.exe (PEHSTR_EXT)
- NewBot.Loader (PEHSTR_EXT)
- System.Security.Cryptography (PEHSTR_EXT)
- set_UseShellExecute (PEHSTR_EXT)
- !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
- rundll32 (PEHSTR_EXT)
- !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
- !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
- !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
rule HackTool_Win32_Keygen_2147593794_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "HackTool:Win32/Keygen"
        threat_id = "2147593794"
        type = "HackTool"
        platform = "Win32: Windows 32-bit platform"
        family = "Keygen"
        severity = "24"
        signature_type = "SIGNATURE_TYPE_PEHSTR"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_3_1 = "Keygen by PARADOX" ascii //weight: 3
        $x_1_2 = "Stop/Play Music" ascii //weight: 1
        $x_1_3 = "Generate CD-Key" ascii //weight: 1
    condition:
        (filesize < 20MB) and
        (
            ((1 of ($x_3_*) and 1 of ($x_1_*))) or
            (all of ($x*))
        )
}

Associated file hash: 0c10769b277cf217dae2877ecd476e70413907f4eb7a70de55c2fba4edc947ea

Remediation: Immediately quarantine and remove the detected file. Users should avoid downloading or executing cracked software or hack tools, ensuring all software is obtained from legitimate sources. Perform a full system scan to check for any associated threats.
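The rule above encodes a weighted-string signature: each string carries a weight in its trailing comment, and the condition block spells out the combinations that reach the threshold of 4 (the weight-3 string plus any weight-1 string, or all three). The following Python is an added example, not threatcheck.sh code, that transcribes the rule's strings, weights, file-size bound and condition literally and runs them over constructed byte buffers standing in for scanned files. Treating the weight comments as additive scores compared against the threshold is an assumption about the PEHSTR format; the function names, the sample buffers and the `scan_samples` helper are this example's own.

```python
"""Evaluate HackTool_Win32_Keygen_2147593794_0 over in-memory byte buffers.

Added example for this page, not threatcheck.sh code. Strings, weights,
threshold and file-size bound are taken from the rule as printed on the
page; the additive weight-vs-threshold interpretation is an assumption.
"""
from dataclasses import dataclass

FILESIZE_LIMIT = 20 * 1024 * 1024   # "filesize < 20MB" in the rule condition
THRESHOLD = 4                        # meta: threshold = "4"


@dataclass(frozen=True)
class WeightedString:
    name: str        # YARA identifier, e.g. "$x_3_1"
    pattern: bytes   # matched as a plain ASCII byte sequence (the rule's 'ascii' modifier)
    weight: int      # value from the "//weight:" comment


RULE_STRINGS = (
    WeightedString("$x_3_1", b"Keygen by PARADOX", 3),
    WeightedString("$x_1_2", b"Stop/Play Music", 1),
    WeightedString("$x_1_3", b"Generate CD-Key", 1),
)


def matched_strings(data: bytes) -> list[WeightedString]:
    """Rule strings present anywhere in the buffer as a literal substring."""
    return [s for s in RULE_STRINGS if s.pattern in data]


def weighted_score(data: bytes) -> int:
    """Sum of weights of matched strings (assumed PEHSTR scoring)."""
    return sum(s.weight for s in matched_strings(data))


def yara_condition(data: bytes) -> bool:
    """Literal transcription of the rule's condition block."""
    if not len(data) < FILESIZE_LIMIT:           # (filesize < 20MB)
        return False
    hit = {s.name for s in matched_strings(data)}
    one_of_x3 = any(n.startswith("$x_3_") for n in hit)   # 1 of ($x_3_*)
    one_of_x1 = any(n.startswith("$x_1_") for n in hit)   # 1 of ($x_1_*)
    all_of_x = all(s.name in hit for s in RULE_STRINGS)   # all of ($x*)
    return (one_of_x3 and one_of_x1) or all_of_x


def threshold_condition(data: bytes) -> bool:
    """Same verdict expressed through weights: size bound and score >= threshold."""
    return len(data) < FILESIZE_LIMIT and weighted_score(data) >= THRESHOLD


# Constructed sample buffers (not real files) standing in for scanned PE images.
SAMPLES = {
    "paradox_with_music": b"MZ\x00\x00Keygen by PARADOX\x00Stop/Play Music\x00",
    "paradox_only":       b"MZ\x00\x00Keygen by PARADOX\x00",
    "two_weak_strings":   b"MZ\x00\x00Stop/Play Music\x00Generate CD-Key\x00",
    "benign":             b"MZ\x00\x00Hello, world\x00",
}


def scan_samples() -> dict[str, tuple[int, bool, bool]]:
    """Map sample name -> (weighted score, literal-condition verdict, threshold verdict)."""
    return {
        name: (weighted_score(data), yara_condition(data), threshold_condition(data))
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (score, literal_hit, threshold_hit) in scan_samples().items():
        print(f"{name:20s} score={score} condition={literal_hit} threshold={threshold_hit}")
```

With this particular weight set the two formulations agree on every input: the weight-3 string alone scores 3, the two weight-1 strings together score 2, and only the combinations the condition block lists reach 4 or more. Running the literal condition beside the scored one is a cheap way to confirm that a hand-expanded condition still matches the threshold the signature metadata declares, which matters when a rule is edited or ported to another engine.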