UltraISO Premium Edition's Malware Analysis Report (Anubis)

This analysis report summarizes the behavior of the KeyGen.exe file. It accessed registry values and memory mapped files. It also created mutexes. When run, it displayed a popup window with registration information. The file terminated normally with no errors.

Uploaded by Jessica Lewis

Anubis - Analysis Report

Analysis Report for KeyGen.exe

MD5: 55c8c0b31dbc9bfbf678d1c8cb9ee081

International Secure Systems Lab
Vienna University of Technology, Eurecom France, UC Santa Barbara
Contact: [email protected]

Dependency overview:
KeyGen.exe (C:\KeyGen.exe)
Analysis reason: Primary Analysis Subject

Table of Contents:
1. General Information (page 4)
2. KeyGen.exe (page 4)
   a) Registry Activities (page 5)
   b) File Activities (page 5)
   c) Other Activities (page 5)

Analysis Report for KeyGen.exe - submitted on 02/11/14, 20:22:04 UTC

1. General Information
Information about Anubis' invocation
Time needed: 33 s
Report created: 02/11/14, 20:22:04 UTC
Termination reason: All tracked processes have exited
Program version: 1.76.3886

2. KeyGen.exe
General information about this executable
Analysis Reason: Primary Analysis Subject
Filename: KeyGen.exe
MD5: 55c8c0b31dbc9bfbf678d1c8cb9ee081
SHA-1: 4517a397c5aa1b72ba8d85234d53799aecdbc8e6
File Size: 29696 bytes
Command Line: "C:\KeyGen.exe"
Process-status at analysis end: dead
Exit Code:

Load-time Dlls
Module Name  |  Base Address  |  Size
C:\WINDOWS\system32\ntdll.dll  |  0x7C900000  |  0x000AF000
C:\WINDOWS\system32\kernel32.dll  |  0x7C800000  |  0x000F6000
C:\WINDOWS\system32\UxTheme.dll  |  0x5AD70000  |  0x00038000
C:\WINDOWS\system32\MSCTF.dll  |  0x74720000  |  0x0004C000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.DLL  |  0x773D0000  |  0x00103000
C:\WINDOWS\system32\msvcrt.dll  |  0x77C10000  |  0x00058000
C:\WINDOWS\system32\ADVAPI32.dll  |  0x77DD0000  |  0x0009B000
C:\WINDOWS\system32\RPCRT4.dll  |  0x77E70000  |  0x00092000
C:\WINDOWS\system32\GDI32.dll  |  0x77F10000  |  0x00049000
C:\WINDOWS\system32\SHLWAPI.dll  |  0x77F60000  |  0x00076000
C:\WINDOWS\system32\Secur32.dll  |  0x77FE0000  |  0x00011000
C:\WINDOWS\system32\user32.dll  |  0x7E410000  |  0x00091000

Run-time Dlls

Popups
Window Name: UltraISO KeyGen
Window Text: #101 for Premium Edition v9.x Retail; Registration Name: OnLyOnE; Registration Code: 6F33-A49B-2B75-5080; Generation: [uikey.ini] Make File RegCode; Language: English
Screenshot: (image not reproduced in this text extraction)
Number of Displayed Times: 1

http://anubis.iseclab.org/

Page 4 of 5


2.a) KeyGen.exe - Registry Activities

Registry Values Read:
Key  |  Name  |  Value  |  Times
HKLM\SOFTWARE\Microsoft\CTF\SystemShared\  |  CUAS  |  |
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows  |  AppInit_DLLs  |  |
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers  |  TransparentEnabled  |  1  |  1
HKLM\System\CurrentControlSet\Control\Terminal Server  |  TSAppCompat  |  |
HKLM\System\CurrentControlSet\Control\Terminal Server  |  TSUserEnabled  |  |
HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle  |  Language Hotkey  |  |
HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle  |  Layout Hotkey  |  |

2.b) KeyGen.exe - File Activities

File System Control Communication:
File  |  Control Code  |  Times
C:\Program Files\Common Files\  |  0x00090028  |

Memory Mapped Files:
File Name
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.DLL
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\imm32.dll

2.c) KeyGen.exe - Other Activities

Mutexes Created:
CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500
CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500
MSCTF.Shared.MUTEX.IFG

Windows SEH exceptions:
Description  |  Times
Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x401b7f  |
