I have been using Windows Product Key Viewer for ages to read the current Windows serial number. I have never had any hack- or virus-related issue with this application.

A few days ago I installed Bitdefender, and once my OneDrive started to download a number of files to my new computer, Bitdefender blocked it from downloading Windows Product Key Viewer, claiming that this is an Application.Hacktool.AMZ kind of threat.

What exactly is this?

Is it a false-positive and Bitdefender assumes / calls this a hacktool because I can use it to... erh... "do some hacking" by revealing some other user's serial number for Windows and/or Office? Or is using Windows Product Key Viewer truly a security risk and someone else can use it to hack into my PC?

In other words, is Windows Product Key Viewer legit software or is it a backdoor?

I have tried to search the Internet, but got some inconclusive answers. F-Secure says:

"A utility program that can give its user more access than is normally authorised"

Malwarebytes claims that everything in their database that has hacktool. in the ID is riskware in general.

So, is Windows Product Key Viewer / Application.Hacktool.AMZ a "dirty" utility or a risk?

trejder

2 Answers

Microsoft's rationale goes like this:

As long as a tool of the kind you mention is not open source and it has not been compiled by yourself or a trusted party, you cannot know if it contains any backdoors besides the announced functionality.

Microsoft claims that they have seen many versions of the very tool you are mentioning which do contain backdoors.

This is why they consider it a potential danger, which isn't entirely unreasonable.

You may argue this holds true for any application which is distributed binary only, yet these key viewer / changer tools are a bit special in that

  • they usually need to run with pretty high privileges
  • because of the disputable legal implications, there is usually no proper author / company who would sign the binary and could be held responsible for any damages

In other words: Run at your own risk!

TorstenS
  • Thank you for your answer. I am upvoting it. I will wait with the acceptance for possibly some other answer, because -- while your answer is perfectly correct -- it is a wide-range answer, while I was asking specifically about this particular software, given by name and by antivirus ID. – trejder Jun 27 '22 at 18:47

"Application.Hacktool" is a Potentially Unwanted Application (PUA) category. That is, although the binary in question is not malware (in the sense that it will do anything malicious without your knowledge or against your will), and can even be useful in the right hands, system administrators may consider its presence undesirable on systems they are responsible for. Typical examples are RATs (remote administration tools), password crackers, license key generators and pentest tools.

Since there are legitimate uses for that sort of program, antivirus software normally has an option to exempt that entire category from quarantining, or to whitelist specific subcategories or individual programs.

The statement from Malwarebytes refers to the fact that this sort of program is also quite popular to hide actual malware in, because they are often not digitally signed, distributed through untrustworthy platforms, and hence difficult to protect against tampering. In that event however, an antivirus tool should ideally detect the actual malware instead of flagging the host application.

Tilman Schmidt
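
Both answers point out that tools of this kind are often unsigned and therefore hard to verify against tampering. A PowerShell sketch of that check, to run before exempting a flagged file from quarantine; it is an added example, not part of either answer, and the function name, parameters, verdict wording and placeholder path are assumptions:

```powershell
# Added example: integrity triage for a binary the antivirus flagged as a PUA.
# Test-FlaggedBinary, its parameters and the verdict strings are hypothetical.
function Test-FlaggedBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 published by the author, if any. Assumption: obtained from a
        # source other than the site the file itself was downloaded from.
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # $null means "no reference hash supplied", not "hash is fine".
    $hashMatches = $null
    if ($ExpectedSha256) {
        $hashMatches = ($hash -eq $ExpectedSha256.Trim())
    }

    $verdict = switch ($sig.Status) {
        'Valid'        { 'Signed; publisher identifiable. Confirm it is the expected one.' }
        'HashMismatch' { 'Signature present but file content changed after signing.' }
        'NotSigned'    {
            if ($hashMatches -eq $true)      { 'Unsigned, but matches the published hash.' }
            elseif ($hashMatches -eq $false) { 'Unsigned and differs from the published hash.' }
            else                             { 'Unsigned and no reference hash: no integrity evidence.' }
        }
        default        { "Signature not trusted or not verifiable ($($sig.Status))." }
    }

    [pscustomobject]@{
        File        = $file.FullName
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Sha256      = $hash
        HashMatches = $hashMatches
        Verdict     = $verdict
    }
}

# Placeholder path; substitute the quarantined copy restored to an isolated folder.
# Test-FlaggedBinary -Path 'C:\Path\To\flagged-tool.exe' | Format-List
```

A passing result only shows the file is the one its publisher released; it says nothing about whether that release itself is trustworthy, which is the first answer's point.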