Summary | ZeroBOX

Crack.exe

UPX PE32 PE File DLL
Category FILE
Machine s1_win7_x6401
Started April 5, 2025, 1:32 a.m.
Completed April 5, 2025, 1:35 a.m.
Size 206.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5610bd76aebbe70fdbd92d1908374d79
SHA256 236ccfdedb487ebc691dd8f9bd2c5c10f549fc90d323e7cfbda4953bd13649c3
CRC32 3650189B
ssdeep 3072:qMk+lJCG7Acqej690z4RlkoxU5MiUzyp0bj4Zl+Z9l3/8lF7+nN/tuGGQbWPJ:qu7lq1u474VUzypdrQWFiptmQK
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

GlobalMemoryStatusEx

1 1 0

__exception__

stacktrace:
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x76f4d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x76f4d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x736ed4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x75981d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x755c4a08
crack+0x1107 @ 0xfd1107
crack+0x1030 @ 0xfd1030
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 31 38 c4
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol: load_patcher-0x13 dup2patcher+0x20f6
exception.address: 0x741a20f6
registers.esp: 3994176
registers.edi: 3994388
registers.eax: 0
registers.ebp: 3994212
registers.edx: 32
registers.ebx: 1
registers.esi: 3994200
registers.ecx: 3994352
1 0 0

NtAllocateVirtualMemory

process_identifier: 2548
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00410000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x734c2000
process_handle: 0xffffffff
1 0 0
description Crack.exe tried to sleep 352 seconds, actually delayed analysis time by 352 seconds
file C:\Users\test22\AppData\Local\Temp\bassmod.dll
file C:\Users\test22\AppData\Local\Temp\dup2patcher.dll
file C:\Users\test22\AppData\Local\Temp\7CEB9B2A0E395BD64E74381485A106AF.dll
section name: .rsrc, virtual_address: 0x00004000, virtual_size: 0x00032d9c, size_of_data: 0x00032e00, entropy: 7.8187846825210325
entropy 7.81878468252 description A section with a high entropy has been found
entropy 0.990267639903 description Overall entropy of this PE file is high
Lionic Hacktool.Win32.Agent.tpR4
Cynet Malicious (score: 100)
CAT-QuickHeal Riskware.Dupatcher.A4
Skyhigh BehavesLike.Win32.FilePatcher.dc
ALYac Application.Generic.3899159
Cylance Unsafe
VIPRE Application.Generic.3899159
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/grayware_confidence_100% (W)
BitDefender Application.Generic.3899159
K7GW Trojan ( 0040f3a51 )
K7AntiVirus Trojan ( 0040f3a51 )
Arcabit Application.Generic.D3B7F17
Baidu Win32.Trojan.Generic.f
Symantec SMG.Heur!gen
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/HackTool.Patcher.AD potentially unsafe
Avast FileRepMalware [Misc]
SUPERAntiSpyware Hack.Tool/Gen-Crack
MicroWorld-eScan Application.Generic.3899159
Rising HackTool.Patcher!1.B3BB (CLASSIC)
Emsisoft Application.Generic.3899159 (B)
McAfeeD Real Protect-LS!5610BD76AEBB
Trapmine malicious.moderate.ml.score
CTX exe.hacktool.patcher
Sophos Generic Patcher (PUA)
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.5610bd76aebbe70f
Webroot W32.Hacktool.Gen
Google Detected
Antiy-AVL HackTool/Win32.Patcher.ad
Kingsoft Win32.HackTool.Keygen.v
Gridinsoft Hack.Win32.Patcher.sa
Xcitium Application.Win32.HackTool.Patcher.T@8rlo7s
Microsoft HackTool:Win32/Keygen
ViRobot Trojan.Win32.Agent.754688.B
GData Win32.Riskware.Patcher.E
Varist W32/Agent.EWQQ-1275
McAfee FilePatcher
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Ikarus possible-Threat.Hacktool.Patcher
Panda Trj/CI.A
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/GamePatcher
AVG FileRepMalware [Misc]
Paloalto generic.ml
alibabacloud HackTool:Win/Patcher.AF