Hacktool Win32 Keygen False Positive

16-09-2021

Hacktool Win32 Keygen False Positive

HackTool.Win32.HackAV or not-a-virus:Keygen (or HackTool:Win32/Keygen (Microsoft Malware Protection Center)) is the definition from Kaspersky Labs for a program designed to assist hacking. These programs often contain the signatures of potential malware, that is not dangerous by itself, but can interfere with the work on a PC, or can be used by a hacker to get some personal information from a user's computer.

Dec 27, 2012 Microsoft Security Essentials brought up another warning about the HackTool:Win32/Keygen being active again. Here is the ComboFix.txt log: ComboFix 12-12-27.03 - ofallonp 18:02:03.1.4 - x64.
The tool itself is not harmful, but Hacktool:Win32/Keygen is often delivered together with malware. Therefore, users who have installed Hacktool:Win32/Keygen (or it has infiltrated without their consent) are very likely to have infected computers. As mentioned above, the Hacktool:Win32/Keygen tool allows users to 'crack' (illegally register.

I have scanned with Malwarebytes, adwcleaner, HitmanPro, and Zemana after following advice online and none of them find PUA:Win32/Keygen. Do you think it is a false positive? Any advise on what further action I should take gratefully received. Windows 10 Pro Version 2004 Build 19041.388.

According to the Microsoft Malware Protection Center, its first known detection goes back to July 16, 2009.^[1]^[2]

Behaviour[edit]

This riskware is able to create license keys for illegally downloaded, non-registered software. This kind of tool may appear differently, depending on what software the tool is designed to create a key for.^[1] The following security threats were most often found on PCs that have been related to these tools:

Win32/Obfuscator^[1]

Other aliases[edit]

RiskWare/HackAV (Fortinet)
Troj/Keygen (Sophos)
CRCK_KEYGEN or HKTL_HACKAV (Trend Micro)

Hacktool Win32 Keygen Dangerous