Manalyze report for 4508be5588e5f7f8c1517a7526744208

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-May-17 10:54:24
Detected languages	English - United States Russian - Russia
CompanyName	WhiteDeath
FileDescription	Crack for Acrobat DC x64
FileVersion	`1.0.0.0`
InternalName	Crack for Acrobat DC x64
OriginalFilename	crack.exe
LegalCopyright	WhiteDeath
ProductName	Crack for Acrobat DC x64
ProductVersion	`1.0.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %Temp%`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: CreateCompatibleDC GetDC`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2022-Feb-27 13:37:44 2025-Aug-14 13:26:18`
Suspicious	The file contains overlay data.	`19775936 bytes of data starting at offset 0x73600.` `The overlay data has an entropy of 7.987 and is possibly compressed or encrypted.` `Overlay data amounts for 97.6661% of the executable.`
Malicious	VirusTotal score: 24/71 (Scanned on 2024-09-25 13:12:48)	`Antiy-AVL: HackTool/Win64.Crack` `CAT-QuickHeal: Trojan.Riskware` `CTX: exe.hacktool.crack` `ClamAV: Win.Virus.Zard-10032708-0` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Gridinsoft: Trojan.Win32.Agent.cl` `Ikarus: PUA.HackTool.Crack` `Jiangmin: WebToolbar.Asparnet.aey` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Lionic: Hacktool.Win32.Crack.3!c` `Malwarebytes: CrackTool.Agent` `MaxSecure: Trojan.Malware.3411146.susgen` `McAfee: Artemis!4508BE5588E5` `McAfeeD: ti!E7D7CD001F10` `Microsoft: HackTool:Win32/crack` `Panda: PUP/Crack` `Rising: Hacktool.Crack!8.38F (CLOUD)` `Skyhigh: Artemis` `Sophos: CrackTool (PUA)` `Webroot: W32.Malware.Gen`

Hashes

MD5	`4508be5588e5f7f8c1517a7526744208`
SHA1	`2ae3797a9f4152b43569ab514173d874b34f8882`
SHA256	`e7d7cd001f10599a4c61de3d91526d1b28bb455d9b188f04cb81bb93ed74b972`
SHA3	`b959a51b4ab1e08647f55a8fd1100eb959d399bbd6e2605e9d66ecd5b3395bab`
SSDeep	`393216:iSLIty441U1bAVA6FNP32J418bFxLvHKqsvingKYTiDrzRcobSOZNdMbV2Y:Cty3UBaOZZZvqLingB6rVxbxi`
Imports Hash	`1d1577d864d2da06952f7affd8635371`

DOS Header

e_magic	`MZ`
e_cblp	`0x60`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x60`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-May-17 10:54:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x13200`
SizeOfInitializedData	`0x60200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001383F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x79000`
SizeOfHeaders	`0x200`
Checksum	`0x73b7c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`243d0617d8788131a6a913655dd94132`
SHA1	`6108d387c7062792b89b49af447f24aafc78c343`
SHA256	`4557dbe418689b9ec852245651c963f1212278076263aac937c4abdbf12476c4`
SHA3	`04e30ffdcac208d482e9272a1f8f0ff3dec321ea93e58c3cc37977f9d7e69c66`
VirtualSize	`0x13100`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61576`

.rdata

MD5	`ef9b5d5552149e0a8d1000ee22204a8b`
SHA1	`ffcc9af4118346708825d39e90ee5a2195674914`
SHA256	`b909c7d1d9b5eb783905f863f359fe2745f5d7533045e7ef5560c6c5d0bef588`
SHA3	`7a1e33ed56a7a4f6e5d7bbac92055191871c0a359432554e93e38eb86099ef68`
VirtualSize	`0x3560`
VirtualAddress	`0x15000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.58681`

.data

MD5	`ce9195bc96f65911ce6f50b1e7e978fe`
SHA1	`1306d8ed7b1d035ac869b72fe2d766d0f4a46a4c`
SHA256	`289a1004cf3357be02d4a203e1363b6ee51daeee8c95fa24f0e3c4f9c1039dce`
SHA3	`3aa22140d228ded0668a797b3749d6190e065fed82b93414146e07d318166802`
VirtualSize	`0x29ec`
VirtualAddress	`0x19000`
SizeOfRawData	`0x800`
PointerToRawData	`0x16a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.82263`

.rsrc

MD5	`d9bd31e2aeb29b9481a8e5c3236f0bad`
SHA1	`368b004783665cbe84537d4d872a615a41f46480`
SHA256	`2d2a95c6de77acb888493c0ec4b6ac9232a6fbf1095eadcbe0fb696a3a740157`
SHA3	`b005524e569d112629859cbb14fe90356434b08466979e3673cd70928f946a82`
VirtualSize	`0x5c356`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x5c400`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.4799`

Imports

COMCTL32.dll	`#17`
SHELL32.dll	`SHGetSpecialFolderPathW` `ShellExecuteW` `SHGetMalloc` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `ShellExecuteExW`
GDI32.dll	`CreateCompatibleDC` `CreateFontIndirectW` `DeleteObject` `DeleteDC` `GetCurrentObject` `StretchBlt` `GetDeviceCaps` `CreateCompatibleBitmap` `SelectObject` `SetStretchBltMode` `GetObjectW`
ADVAPI32.dll	`FreeSid` `AllocateAndInitializeSid` `CheckTokenMembership`
USER32.dll	`GetMenu` `SetWindowPos` `GetWindowDC` `ReleaseDC` `CopyImage` `GetKeyState` `GetWindowRect` `ScreenToClient` `GetWindowLongW` `SetTimer` `GetMessageW` `DispatchMessageW` `KillTimer` `DestroyWindow` `EndDialog` `SendMessageW` `wsprintfW` `GetClassNameA` `GetWindowTextW` `GetWindowTextLengthW` `GetSysColor` `wsprintfA` `SetWindowTextW` `CreateWindowExW` `GetDlgItem` `GetClientRect` `SetWindowLongW` `UnhookWindowsHookEx` `SetFocus` `GetSystemMetrics` `SystemParametersInfoW` `ShowWindow` `DrawTextW` `GetDC` `ClientToScreen` `GetWindow` `DialogBoxIndirectParamW` `DrawIconEx` `CallWindowProcW` `DefWindowProcW` `CallNextHookEx` `PtInRect` `SetWindowsHookExW` `LoadImageW` `LoadIconW` `MessageBeep` `EnableWindow` `IsWindow` `EnableMenuItem` `GetSystemMenu` `wvsprintfW` `CharUpperW` `MessageBoxA` `GetParent`
ole32.dll	`CreateStreamOnHGlobal` `CoCreateInstance` `CoInitialize`
OLEAUT32.dll	`SysAllocString` `VariantClear` `OleLoadPicture`
KERNEL32.dll	`SetFileTime` `SetEndOfFile` `EnterCriticalSection` `DeleteCriticalSection` `GetModuleHandleA` `LeaveCriticalSection` `WaitForMultipleObjects` `ReadFile` `SetFilePointer` `GetFileSize` `FormatMessageW` `lstrcpyW` `LocalFree` `IsBadReadPtr` `GetSystemDirectoryW` `GetCurrentThreadId` `SuspendThread` `TerminateThread` `InitializeCriticalSection` `ResetEvent` `SetEvent` `CreateEventW` `GetVersionExW` `GetModuleFileNameW` `GetCurrentProcess` `SetProcessWorkingSetSize` `SetCurrentDirectoryW` `GetDriveTypeW` `CreateFileW` `GetCommandLineW` `GetStartupInfoW` `CreateProcessW` `CreateJobObjectW` `ResumeThread` `AssignProcessToJobObject` `CreateIoCompletionPort` `SetInformationJobObject` `GetQueuedCompletionStatus` `GetExitCodeProcess` `CloseHandle` `SetEnvironmentVariableW` `GetTempPathW` `GetSystemTimeAsFileTime` `lstrlenW` `CompareFileTime` `SetThreadLocale` `FindFirstFileW` `DeleteFileW` `FindNextFileW` `FindClose` `RemoveDirectoryW` `ExpandEnvironmentStringsW` `WideCharToMultiByte` `VirtualAlloc` `GlobalMemoryStatusEx` `lstrcmpW` `GetEnvironmentVariableW` `lstrcmpiW` `lstrlenA` `GetLocaleInfoW` `MultiByteToWideChar` `GetUserDefaultUILanguage` `GetSystemDefaultUILanguage` `GetSystemDefaultLCID` `lstrcmpiA` `GlobalAlloc` `GlobalFree` `MulDiv` `FindResourceExA` `SizeofResource` `LoadResource` `LockResource` `LoadLibraryA` `ExitProcess` `lstrcatW` `GetDiskFreeSpaceExW` `SetFileAttributesW` `SetLastError` `Sleep` `GetExitCodeThread` `WaitForSingleObject` `CreateThread` `GetLastError` `SystemTimeToFileTime` `GetLocalTime` `GetFileAttributesW` `CreateDirectoryW` `WriteFile` `GetStdHandle` `VirtualFree` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoA`
MSVCRT.dll	`??3@YAXPAX@Z` `??2@YAPAXI@Z` `memcmp` `free` `memcpy` `_controlfp` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit` `??1type_info@@UAE@XZ` `_onexit` `__dllonexit` `_CxxThrowException` `_beginthreadex` `_EH_prolog` `?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z` `memset` `_wcsnicmp` `strncmp` `wcsncmp` `malloc` `memmove` `_wtol` `_purecall`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22992`
MD5	`2b185f3a5dc437afe193ac976b5d8c6c`
SHA1	`74de5bc5cf9ecd716290a984b646aa3d5879836d`
SHA256	`4abe6eb74417a00ce22d7df97a849366ca44c2b9edf01b82f5d4f55091c8fafa`
SHA3	`e71d9196a6cbd9f24dd8b028bd7419e2a03726b513db41924fbf09935e2231b2`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85284`
MD5	`b51fe8b56d46bcce8d15456923576ec6`
SHA1	`2536dd239e01a28c293d9f5587011d1cce2710c3`
SHA256	`1d10bf658cef69c1be58ae06449187bf1702dfc4bd4a0b0b8a0a13ee5bb2f991`
SHA3	`10c99edf2dbba074ae051beb518a2cc2f52bd3667201abcb4e240e1d08cfc823`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74729`
MD5	`36d6a1eeabee58314784d083eac47453`
SHA1	`902c4715e441a254f390418a748926fa60268d1c`
SHA256	`a4e74ba9850a4a285328f682ff3eb7fe4fcb0158163dc24bdb25cf83a3fdd7ea`
SHA3	`9dba4ea0bde819f64563e854ce1d420ac6212913f27d21887c73ebfea296bfdf`

4

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63424`
MD5	`294b8b407c075e5ce8fbabb590afb5ae`
SHA1	`bed9a59b264d796b16e4c28deec49c12369fc47b`
SHA256	`d782489aa6d7d6373d9ffcc41033701e89d8fb0479210d39ff778753f8d6a670`
SHA3	`97e0bb4be49c4508e85acde46c0fb413f47e1d6979e2290313c78a4b9425a8a3`

5

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2025-Aug-14 13:26:18
Entropy	`4.74725`
MD5	`32e0c1e4ed7e3d84bd68c359a3c2f1bc`
SHA1	`6a9ce2ac6de3ee740510a51f5d8069e881600c2b`
SHA256	`2da7a0837918029dd021cd14f11c0ac7991e9bc5f0c1a90ff4687031ec8ef569`
SHA3	`736781520d908c2f0e5c2eabaf7c70346f2beb819c163b42b8fa489effa16583`

6

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2025-Aug-14 13:26:18
Entropy	`4.93873`
MD5	`10e30a5ed6ff409ecbc6d5e0f2a048d1`
SHA1	`40a13a1db044abf86592db80ecdf70a024846831`
SHA256	`7c5f4d18c7537abb46f43d33dca6304d483f2369743282203264890a34874cd5`
SHA3	`a5b7f0fa89459cd0056a1a7a09944518ce22a4af08d234b1bf5eb4c48a0ae3e3`

7

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	2022-Feb-27 13:37:44
Entropy	`2.43635`
MD5	`d9b36f73c798e21656f1250384fafae3`
SHA1	`171b091bd8c647328dddfdf6d2c0727835629bae`
SHA256	`6504e00794feae03bc67e8942c974c4e22e2a5aec694fac4a710c666d5e924e1`
SHA3	`2d6a3d510ab5b98ede587d8c09dd2ad970ae30cd06c96c88fb62354e76a3e6e6`

8

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	2022-Feb-27 13:37:44
Entropy	`2.26732`
MD5	`08769e87feabe38699b81a5d770c93b9`
SHA1	`e4ff99db0b8531d773ef039a353011fd5044a7db`
SHA256	`83a9a13adb3b22f20f3fd046472e39e5172619cd3d0f89e48814e2b2b021dcbd`
SHA3	`71363ae6f6eeb03bb960c35f22b9302717c76e129ded74fa900d5604e87fbfd5`

101

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`00856b2c7602d49d9a77bfeaaa164968`
SHA1	`9ab21099af4005142a7f25fccfb1e1a43fac3665`
SHA256	`204fcf5fcf7706236a0cc6b0778ae43a3b7a67558dfe712c505d79ca19a0c681`
SHA3	`7ee39398e74b577eecd988af1089ad9d98ab0c5a91667b68bb418ace95f89f00`

1 (#2)

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3196`
MD5	`693895e520a7ef2ee02a2455a62a3c98`
SHA1	`375c6be1208863c0708bda974389a961c21b4535`
SHA256	`effabbfded55934de021b9bcccec37d611c5b01e8f4b8634e1b771f0e68f7262`
SHA3	`252b502141f681182c2a7bcb36cc14c36bba235a7ac07254670430271ac6a93d`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x346`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.23039`
MD5	`6502bb9952b4fc12f6b16fca85818b90`
SHA1	`c9f79f16e841331a44083fd89ee60c1eb3f9c41c`
SHA256	`ef4cabfb4f28961718f2a5a7618d798f473a4204071d9e4338c5c6ae8a6246c7`
SHA3	`90c759f5554af0d94e307965bf6630eb2d78c6d4f04614443ed673b04d14594f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	Russian - Russia
CompanyName	WhiteDeath
FileDescription	Crack for Acrobat DC x64
FileVersion (#2)	1.0.0.0
InternalName	Crack for Acrobat DC x64
OriginalFilename	crack.exe
LegalCopyright	WhiteDeath
ProductName	Crack for Acrobat DC x64
ProductVersion (#2)	1.0.0.0

Resource LangID	Russian - Russia

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.
[*] Warning: Tried to convert an invalid DosDate: 1645969064. Falling back to posix timestamp.