Field | Value |
---|---|
Created | 2025.04.05 01:35 |
Machine | s1_win7_x6401 |
Filename | Crack.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 49 detected (Hacktool, tpR4, Malicious, score, Dupatcher, FilePatcher, Unsafe, Save, grayware, confidence, 100%, high confidence, Patcher, AD potentially unsafe, FileRepMalware, Misc, Tool, Crack, CLASSIC, Real Protect, moderate, Generic Patcher, Static AI, Suspicious PE, Detected, T@8rlo7s, EWQQ, possible, Threat, PE04C9V, susgen, GamePatcher) |
md5 | 5610bd76aebbe70fdbd92d1908374d79 |
sha256 | 236ccfdedb487ebc691dd8f9bd2c5c10f549fc90d323e7cfbda4953bd13649c3 |
ssdeep | 3072:qMk+lJCG7Acqej690z4RlkoxU5MiUzyp0bj4Zl+Z9l3/8lF7+nN/tuGGQbWPJ:qu7lq1u474VUzypdrQWFiptmQK |
imphash | dc73a9bd8de0fd640549c85ac4089b87 |
impfuzzy | 6:9O1Z/OzzLWPA+m/ERGDi3X1BJAEdBXz6x4PWE5fA2YXz:9O1ZGzMcDq9AIY4wXz |
Network IP location
Signature (9cnts)
Level | Description |
---|---|
danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates executable files on the filesystem |
notice | Drops an executable to the user AppData folder |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) | Library
kernel32.dll
0x402000 DeleteFileA
0x402004 ExitProcess
0x402008 FindResourceA
0x40200c FreeLibrary
0x402010 GetModuleHandleA
0x402014 GetProcAddress
0x402018 GetTempPathA
0x40201c LoadLibraryA
0x402020 LoadResource
0x402024 RtlMoveMemory
0x402028 SizeofResource
0x40202c VirtualAlloc
0x402030 lstrcatA
0x402034 CloseHandle
0x402038 CreateFileA
0x40203c FlushFileBuffers
0x402040 WriteFile
EAT(Export Address Table) is none