1. Deleted User

    OP Deleted User Newbie

    I've been pirating paid software from a certain trusted site. From this site I've downloaded Spine2D, FLStudio, Photoshop (the most recent version at the time), Sony Vegas, MalwareBytes, Corel Suites, and many others.

    I now want to use Sketchbook 2018 Enterprise, and it comes with a KeyGen (I've used some for Corel Products) and Windows Defender as well as Chrome are telling me that the file is dangerous.
    Of course, everything I've used in the past is potentially dangerous.
    But I was wondering just now, if there's any way to really SEE or TEST if a Keygen is dangerous or not.

    Does any of you know a way to "Test the Keygen.exe" to see if it has viruses or not?
     
  2. Arras

    Arras GBAtemp Guru
    Member

    Joined:
    Sep 14, 2010
    Messages:
    6,266
    Country:
    Netherlands
    You could try uploading it to https://www.virustotal.com/#/home/upload . A lot of keygens will trigger false positives, just by being a keygen. If the virus information only shows "dangerous software > Keygen" or something, it's probably safe.
     
    E1ite007 likes this.
  3. Deleted User

    OP Deleted User Newbie

    I've already tried with it.
    But when I choose the Keygen to be uploaded to the site, a window appears telling me:
    "Can't open this file as it contains Viruses or Malware"
     
    Last edited Jan 14, 2019
  4. Arras

    Arras GBAtemp Guru
    Member

    Joined:
    Sep 14, 2010
    Messages:
    6,266
    Country:
    Netherlands
    Try in a different browser then.
     
  5. KleinesSinchen

    KleinesSinchen GBAtemp's backup reminder + fearless testing Sina
    Member

    Joined:
    Mar 28, 2018
    Messages:
    1,826
    Country:
    Germany
    Other than a real malware analysis, which only an expert can do, there is no fully reliable method of telling if a file is malicious. Besides… cracking the malware scanner on your system is not very smart in my opinion. The attribute “trusted” for a site that distributes illegal copies sounds a bit odd.
    • Simply running the file on a virtual machine → Malware may behave innocently.
    • Simply running the file on a VM → (unlikely for malware in the wild, but possible) Malware might infect the host system with a VM-escape exploit.
    • Running the file on a test computer → You may not see the malicious behavior at first. It may wait for X minutes/hours/days or only start if certain condition(s) is/are met. [Wikipedia: Stuxnet]
    • Automated software can’t reliably detect unknown malware.
    On the other side: Many scanners treat keygens/cracks… across the board as malicious. You get heuristic hits often (“heu-”, “gen-”, “generic-” in the name). This only adds to the uncertainty and is – in my opinion – an attempt to discourage people from using “pirating tools”.

    My position on this:

    Best idea: Don’t use such things at all.

    Second best idea: Use a permanently offline secondary computer. Create a backup image for the case some malware infects the system and makes it unusable.
    There is still a (smaller) risk of infecting your main computer when transferring files with USB devices from the dummy PC.
     
  6. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,316
    Country:
    United States
    Keygens are typically marked malicious because they tend to be packed with UPX, and use other anti-RE methods. If you want to find out if one is malicious, you can use a site like Hybrid Analysis. If you'd like to do it locally, you can use Sandboxie, Komodo Firewall, and PE Explorer.
     
    E1ite007 and pustal like this.
  7. RattletraPM

    RattletraPM GBATemp's official 蒸気イーブイ
    Member

    Joined:
    Jan 18, 2017
    Messages:
    897
    Country:
    Italy
    As @KleinesSinchen said, there's no real answer other than getting your hands dirty with a lengthy and difficult analysis of the executable and/or watching its behavior in a contained environment. Online scanners such as VirusTotal and heuristics can sometimes give you an idea if what you're using is good or not but most times they're misleading. In the end, if you want to stay safe then the best possible thing you can do is to not use cracks or keygens at all.

    If for whatever reason you still want to do so, follow the internet's golden rule: trust your gut. Avoid blogs and channels offering cracked software. Don't download warez from Youtube videos. Repeat after me, don't download warez from Youtube videos. Try to avoid direct downloads and stick to P2P networks (it's easy for someone to infect an executable to redistribute malware using a centralized network, while unless the file was already bad to begin with, multiple sources with hash checking as well as other measures will prevent a malicious user from modifying files on P2P ones). Stick to the well-known sources and websites. If possible, get an invite to private trackers/servers as they usually require users to keep a good upload quota in order to download files so everyone is incentivized to share good stuff. Finally, if you're downloading from public sources, check if there's a SFV or other types of hashes available for whatever you've downloaded to see if it's been tampered with (and don't just trust the one that was bundled with your files, check on Pastebin and Google around so you have more than one source just to be safe).

    Lastly, if you still want to go through the analyzing process yourself then you could use a VM/sandboxing software but I'd highly recommend getting a cheap junker PC to test your stuff on: not only will you not have to worry about the malware escaping the sandboxing environment anymore (as long as you keep that PC offline and are very mindful about handling USB drives you plug into it) but some badware could detect whether they're inside a VM (ex. by checking known virtual device names/IDs) and not do anything to make themselves look safe - something much harder to accomplish on bare metal with real devices.
     
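    The SFV check mentioned above, as an added example (not code from this thread): parse the .sfv listing, stream each file through CRC32, and report intact, altered and absent files. The file names and contents are constructed for the demo.

    ```python
    import os
    import tempfile
    import zlib

    def parse_sfv(text):
        """Return {filename: crc32}; lines starting with ';' are comments."""
        entries = {}
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith(";"):
                continue
            name, crc = line.rsplit(None, 1)      # CRC is always the last token
            entries[name] = int(crc, 16)
        return entries

    def crc32_of_file(path, chunk=1 << 20):
        """Stream the file so a multi-GB ISO never has to fit in memory."""
        value = 0
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                value = zlib.crc32(block, value)
        return value                               # unsigned in Python 3

    def verify_sfv(sfv_path):
        """Check every listed file; returns {name: 'ok' | 'MISMATCH' | 'missing'}."""
        base = os.path.dirname(sfv_path)
        with open(sfv_path, encoding="utf-8", errors="replace") as fh:
            expected = parse_sfv(fh.read())
        report = {}
        for name, crc in expected.items():
            path = os.path.join(base, name)
            if not os.path.isfile(path):
                report[name] = "missing"
            else:
                report[name] = "ok" if crc32_of_file(path) == crc else "MISMATCH"
        return report

    def demo():
        """Constructed sample: an intact file, an altered file, and an absent one."""
        d = tempfile.mkdtemp()
        good = b"release contents, unchanged"
        crc = f"{zlib.crc32(good):08X}"
        with open(os.path.join(d, "good.bin"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(d, "tampered.bin"), "wb") as fh:
            fh.write(good + b"!")                  # one extra byte changes the CRC
        with open(os.path.join(d, "files.sfv"), "w") as fh:
            fh.write(f"; constructed\ngood.bin {crc}\ntampered.bin {crc}\nabsent.bin 00000000\n")
        return verify_sfv(os.path.join(d, "files.sfv"))
    ```

    A CRC32 only catches accidental corruption or a lazy swap; it is not a signature, so an SFV from a second, independent source matters more than the check itself.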
  8. Deleted User

    OP Deleted User Newbie

    Woah, this is much more complex than I thought.
    Thanks for the advice!
     
  9. Zaphod77

    Zaphod77 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 25, 2015
    Messages:
    625
    Country:
    United States
    Here's the truth.

    1) antiviruses have been intentionally flagging cracks and keygens for ages. This is a fact. This started way back when McAfee would say that anything named keygen.exe was infected, and was uncleanable so it had to be deleted. They had to stop that particular stunt when it was discovered. The more honest ones will actually tell you it got flagged because it's a crack or keygen. (Hacktool.Gendows anyone?). In my opinion detecting a crack as a crack is a useful thing to do. After all, you don't want pirated software on a work computer, and can get your company into serious trouble that way. I have no quarrel with an antivirus/antimalware that detects a crack or keygen as a crack or keygen, and classifies it as a potentially unwanted program.

    2) cracks and keygens have had viruses in the past for real. This is also a fact. Sometimes it was put there by the cracker intentionally, and sometimes it was added in after the fact by someone else. Scene release groups do NOT put viruses in their cracks on purpose, and any releases that did actually have viruses would be nuked. This means that an antivirus detecting cracks as viruses can actually protect people, even if it can't actually detect the virus hidden in it. This is part of why antiviruses like to flag cracks.

    3) cracks often need to inject into processes to work. So does malware. Thus, unless they are whitelisted specifically, they tend to trip heuristics. Eventually someone submits a false positive report, and the antivirus program writer investigates.

    4) cracks often pack the executable, and have anti-reverse-engineering stuff to try to stop the software companies from figuring out how they did it. Again, so does malware, so this also trips heuristics. Again, a false positive report gets filed, and some qualified employee investigates. Sometimes hoofbeats do mean zebras.

    This is also why scene releases are contained in an ISO, and have a crack directory. By placing the file that's likely to trip false positives on a read only media, it guarantees that you can whitelist it while it's on a read only source.

    The best way to be reasonably sure is to virustotal it. If most antiviruses detect something, it's almost certainly infected. If only a small number do, then it's most likely a heuristic false positive.
     
    Kraken_X likes this.
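    An added example (not from this thread) of the hash-based VirusTotal route: compute the SHA-256 locally so the browser never has to open the file, then bucket each engine's label into "flagged as keygen/hacktool", "bare heuristic" or "named family". The label patterns and the response shape (modelled on VirusTotal's v3 files endpoint) are assumptions, and the report is constructed.

    ```python
    import hashlib
    import re

    # Look the file up by hash instead of uploading it (assumed endpoint shape;
    # VirusTotal's v3 API also needs an "x-apikey" header, not shown here).
    VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"
    # Assumed label fragments: "flagged for being a keygen/crack" versus a bare
    # heuristic hit, as opposed to a named malware family.
    PUA_RE = re.compile(r"keygen|crack|hacktool|pua|riskware|not-a-virus", re.I)
    HEUR_RE = re.compile(r"\bheu|\bgen\b|generic|suspicious|\bml\b", re.I)

    def sha256_of_file(path):
        """Hash locally so the browser never has to open the blocked file."""
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(1 << 20), b""):
                h.update(block)
        return h.hexdigest()

    def triage(report):
        """Bucket each engine's verdict; counts, not a 'safe' decision."""
        results = report["data"]["attributes"]["last_analysis_results"]
        s = {"engines": len(results), "detected": 0, "pua_label": 0,
             "heuristic": 0, "named": 0}
        for r in results.values():
            if r.get("category") not in ("malicious", "suspicious"):
                continue
            s["detected"] += 1
            label = r.get("result") or ""
            if PUA_RE.search(label):
                s["pua_label"] += 1
            elif HEUR_RE.search(label):
                s["heuristic"] += 1
            else:
                s["named"] += 1
        s["verdict"] = ("named family reported: treat as infected" if s["named"]
                        else "only PUA/heuristic labels: inconclusive")
        return s

    def sample_report():
        """Constructed report in the v3 response shape; not real scan data."""
        res = {
            "EngineA": {"category": "malicious", "result": "Hacktool.Gendows"},
            "EngineB": {"category": "malicious", "result": "Gen:Variant.Heur.Tool"},
            "EngineC": {"category": "suspicious", "result": "Generic.ML"},
            "EngineD": {"category": "undetected", "result": None},
            "EngineE": {"category": "undetected", "result": None},
        }
        return {"data": {"attributes": {"last_analysis_results": res}}}
    ```

    Note that "inconclusive" is the strongest thing a low or label-only hit count can tell you; a zero-detection result still proves nothing, which is the point raised in the next reply.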
  10. Joom

    Joom  ❤❤❤
    Member

    Joined:
    Jan 8, 2016
    Messages:
    5,316
    Country:
    United States
    This thread is over a year old and this statement is demonstrably false. Never blindly trust VirusTotal results. It's very easy to encrypt malicious binaries in order to bypass AV detection. The best thing to do is what I suggested and do the heuristics sleuthing yourself. It's very easy to find out if something is actually malicious by just watching it run.
     
    E1ite007 likes this.
  11. Zaphod77

    Zaphod77 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 25, 2015
    Messages:
    625
    Country:
    United States
    Not everyone has a handy sandbox to safely run untrusted binaries in.

    And not everyone can easily interpret Hybrid Analysis.

    So if you have a better idea for "how to tell if it's a false positive for dummies" I'm all for it. :)
     
  12. notimp

    notimp Well-Known Member
    Member

    Joined:
    Sep 18, 2007
    Messages:
    4,197
    Country:
    Laos
    The only holdback these days is disk space (30-50 GB). I run Parallels on a MacBook Air; I ran VMware Fusion on a 10 year old MacBook Air (Win XP back then, but still full speed).

    A Windows 10 Pro license can be had for 5 USD, and Virtualbox is free.

    Also the Windows XP virtual image back when I still used it was 10GB in size.
     
    Last edited by notimp, Jun 14, 2020
  13. Zaphod77

    Zaphod77 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 25, 2015
    Messages:
    625
    Country:
    United States
    A legit Windows 10 Pro license for $5? That seems... suspicious.

    I've always thought that windows should give a convenient way to run an untrusted binary, but the home version of 10 still doesn't come with the sandbox.

    A sandbox is ideal for actually running a keygen in, as it should lock down any malware contained within the generator. But once that becomes common said malware will start having code to try and escape the sandbox.

    This solution works specifically for keygens because you don't need to ever run it on the main computer. Even if it did have malware, it can still create a working key, which can then be used on the real computer.

    I do know how to get genuine Windows 10 for free. But not how to do it in a virtual machine. That said, even a non-genuine Windows 10 in a virtual machine is useful for such testing.
     
    Last edited by Zaphod77, Jun 14, 2020
  14. notimp

    notimp Well-Known Member
    Member

    Joined:
    Sep 18, 2007
    Messages:
    4,197
    Country:
    Laos
    More than that, probably illegal. But with no harm falling on the enduser.

    Those licenses more often than not aren't even 're-salvaged', old OEM licenses, but mass activation licenses MS hasn't disabled, and that are getting abused.

    The issue for MS is the profit calculation here. They get more money off of their average user overall, by 'funneling' them through their legal ecosystem (stores (they get 30% off of every 'native' app you install through the app store), native ads, ecosystem lock in, advertising in general...). So what should they do with you?

    If they 'disable' your license retroactively, they both get fallout from the non-abuse license users in every block, and they are causing people that usually aren't even that tech savvy (those who just wanted 'cheap') additional issues, that might have them switch over to Android, or 'iPad', where none of this is an issue.

    MS pivoted their income model to 'service based' (as in not product based) a few years back (under Satya Nadella), and every day since then you as a user became more valuable to them while you were using their software - than you ever were, when they were still selling Windows.

    (Calculation there goes: Almost no people back then 'bought' Windows either. Most of their customers got 'a new Windows', when they got a new PC - those also were mass licenses to OEMs, which were heavily discounted compared to end consumer prices. And this was before they sold advertising and 'apps' to you.)

    So as a result as far as I know - they don't deactivate abused mass activation keys anymore. It just gets them bad press, and probably costs them money. Part of the calculation still is though, that you have a bad conscience.

    And you should have one, because OEM licenses were a profit center for smaller Computer stores. Luckily they still have 'support'. ;)

    So don't do it, if you don't have to (legit OEM licenses aren't that much more expensive), but if you are strapped for money, or really, really don't like MS... (Worst case scenario, you are down 5 USD, and can try again five times? ;) )

    Now don't do that with other software licenses. I've literally seen eBay accounts selling 'activators' (basically cracks) as genuine Office licenses, e.g. Those are distributed 'for free' by their original creators, so don't be the sucker that pays for warez, because they wanted it cheap. Show some decency, be clever, not just cheap, and also pay for software, because most software houses aren't Microsoft, can't make money on you by showing you OS level ads, or piggybacking for 30% off of other developers.

    So either be 'good' all the way. Or choose your battles. ;) Don't become 'why should I pay?' guy.

    That said - why should I pay more for Windows? ;) MS doesn't even seem to enforce any action against key reselling... ;)

    (Also, if they only have 'one Windows version to support' for most of their customers, their cost structure makes 'producing Windows' much less expensive. (Which is why they usually don't allow you anymore to turn off auto updating). And every new 'ad driven' scheme rolls out to a much much wider user base (because the non ad driven Windows (which they'd still have had to support in the past) dies out faster), which they then can sell to advertisers as bigger numbers... :))
     
    Last edited by notimp, Jun 15, 2020
  15. Zaphod77

    Zaphod77 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 25, 2015
    Messages:
    625
    Country:
    United States
    The trick is updating from an OEM-activated Windows 7. Daz Loader and/or BIOS mods will do the trick. You will have a genuine Windows 10 and it will even remove the loader for you.

    Still works, still completely undetectable by MS, as they refuse to deactivate the OEM SLP keys for upgrading. (They could easily have demanded you enter your COA key, and yet they don't bother.)

    If you do have an OEM Home edition of Windows 7 that came with the computer, you can also upgrade it to Ultimate first by entering your OEM's Ultimate SLP key in Windows Anytime Upgrade. I've always disconnected from the net before trying it, but not sure if it's needed.
     
    Last edited by Zaphod77, Jun 15, 2020
  16. linuxares

    linuxares I'm not a generous god!
    Moderator

    Joined:
    Aug 5, 2007
    Messages:
    7,821
    Country:
    Sweden
    notimp likes this.
  17. Zaphod77

    Zaphod77 GBAtemp Advanced Fan
    Member

    Joined:
    Aug 25, 2015
    Messages:
    625
    Country:
    United States
    Yeah, if you have Pro.... it doesn't come with the base Windows 10....

    I really think it should.
     
  18. notimp

    notimp Well-Known Member
    Member

    Joined:
    Sep 18, 2007
    Messages:
    4,197
    Country:
    Laos
    Uh, new and shiny. :) (Ok, a year old.. ;) ) Didn't know that was a thing, thanks.
     
    Last edited by notimp, Jun 17, 2020
    linuxares likes this.
  19. Captain_N

    Captain_N GBAtemp Advanced Maniac
    Member

    Joined:
    Mar 29, 2010
    Messages:
    1,857
    Country:
    United States
    Create a virtual machine and install your software. Then run the keygen in a virtual machine and see what it does. Make sure networking is disabled in that virtual machine, as much malicious software is designed to translate through a local network. Since you're already getting software, I'm sure you will have no problem getting something like VMware Workstation.

    You can also upload the cracked files to online virus scanners to see what they say. All the anti-virus software will report the key gen exe as dirty. Norton is notorious for this.
     