c760bd81062f3428d2f8fa48782f6ddd
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2018-May-21 01:49:42 |
| CompanyName | WhiteDeath & Co |
| FileDescription | Crack for Acrobat Pro x64 |
| FileVersion | 2.0.0.0 |
| InternalName | Crack for Acrobat Pro x64 |
| LegalCopyright | WhiteDeath & Co |
| OriginalFilename | crack.exe |
| ProductName | Crack for Acrobat Pro x64 |
| ProductVersion | 2.0.0.0 |
Plugin Output
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Contains references to system / monitoring tools:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to SHA256
Uses constants related to AES |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The PE header may have been manually modified. |
The resource timestamps differ from the PE header:
|
| Suspicious | The file contains overlay data. |
26580466 bytes of data starting at offset 0x84a00.
The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted. Overlay data amounts for 97.9972% of the executable. |
| Malicious | VirusTotal score: 18/72 (Scanned on 2024-10-30 17:55:15) |
Bkav:
W64.AIDetectMalware
DeepInstinct: MALICIOUS ESET-NOD32: Win64/HackTool.Crack.DL potentially unsafe Elastic: malicious (high confidence) Fortinet: Riskware/Crack GData: Win64.Application.Agent.6K25TJ Google: Detected Ikarus: PUA.HackTool.Crack K7AntiVirus: Riskware ( 0040eff71 ) K7GW: Riskware ( 0040eff71 ) Malwarebytes: RiskWare.Crack McAfee: Artemis!C760BD81062F Microsoft: Program:Win32/Wacapew.C!ml Paloalto: generic.ml Skyhigh: Artemis Sophos: CrackTool (PUA) Symantec: ML.Attribute.HighConfidence alibabacloud: HackTool:Win/Crack.DE |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x60 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x60 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 6 |
| TimeDateStamp | 2018-May-21 01:49:42 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 10.0 |
| SizeOfCode | 0x1fe00 |
| SizeOfInitializedData | 0x68e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000020360 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x8c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x8b37e |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
.rsrc
.reloc
Imports
| COMCTL32.dll |
#17
|
|---|---|
| SHELL32.dll |
ShellExecuteW
SHBrowseForFolderW ShellExecuteExW SHGetPathFromIDListW SHGetFileInfoW SHGetSpecialFolderPathW SHGetMalloc |
| GDI32.dll |
CreateCompatibleDC
CreateFontIndirectW DeleteObject DeleteDC GetCurrentObject StretchBlt GetDeviceCaps CreateCompatibleBitmap SelectObject SetStretchBltMode GetObjectW |
| ADVAPI32.dll |
FreeSid
AllocateAndInitializeSid CheckTokenMembership |
| USER32.dll |
GetSystemMenu
EnableMenuItem EnableWindow MessageBeep LoadIconW LoadImageW SetWindowsHookExW PtInRect CallNextHookEx DefWindowProcW CallWindowProcW DrawIconEx DialogBoxIndirectParamW GetWindow ClientToScreen GetDC DrawTextW SystemParametersInfoW SetFocus UnhookWindowsHookEx GetWindowLongPtrW SetWindowLongPtrW GetSystemMetrics GetClientRect GetDlgItem IsWindow CreateWindowExA MessageBoxA DestroyWindow GetSysColor SetWindowTextW GetWindowTextLengthW GetWindowTextW wsprintfA GetClassNameA GetWindowLongW GetMenu GetWindowDC ReleaseDC CopyImage GetParent ScreenToClient CreateWindowExW GetDesktopWindow wvsprintfW SetWindowPos SetTimer GetMessageW DispatchMessageW GetWindowRect CharUpperW SendMessageW ShowWindow BringWindowToTop wsprintfW MessageBoxW EndDialog SetWindowLongW GetKeyState KillTimer |
| ole32.dll |
CreateStreamOnHGlobal
CoInitialize CoCreateInstance |
| OLEAUT32.dll |
SysFreeString
VariantClear SysAllocStringLen OleLoadPicture SysAllocString |
| KERNEL32.dll |
ReadFile
SetFileTime SetEndOfFile VirtualAlloc VirtualFree GetFileInformationByHandle WaitForMultipleObjects SetFilePointer GetFileSize LeaveCriticalSection EnterCriticalSection DeleteCriticalSection FormatMessageW lstrcpyW LocalFree IsBadReadPtr GetSystemDirectoryW GetCurrentThreadId SuspendThread TerminateThread InitializeCriticalSection ResetEvent SetEvent CreateEventW GetVersionExW GetModuleFileNameW GetCurrentProcess SetProcessWorkingSetSize SetEnvironmentVariableW GetDriveTypeW CreateFileW LoadLibraryA SetThreadLocale GetSystemTimeAsFileTime ExpandEnvironmentStringsW CompareFileTime WideCharToMultiByte GetTempPathW GetCurrentDirectoryW GetEnvironmentVariableW lstrcmpiW GetLocaleInfoW MultiByteToWideChar GetUserDefaultUILanguage GetSystemDefaultUILanguage GetSystemDefaultLCID lstrcmpiA GlobalAlloc GlobalFree MulDiv FindResourceExA SizeofResource LoadResource LockResource GetProcAddress GetModuleHandleW FindFirstFileW lstrcmpW DeleteFileW FindNextFileW FindClose RemoveDirectoryW GetStdHandle WriteFile lstrlenA CreateDirectoryW GetFileAttributesW SetCurrentDirectoryW GetLocalTime SystemTimeToFileTime CreateThread GetExitCodeThread Sleep SetFileAttributesW GetDiskFreeSpaceExW SetLastError GetCommandLineW GetStartupInfoW GetTickCount lstrlenW ExitProcess lstrcatW AddVectoredExceptionHandler RemoveVectoredExceptionHandler CloseHandle WaitForSingleObject GetExitCodeProcess GetQueuedCompletionStatus ResumeThread SetInformationJobObject CreateIoCompletionPort AssignProcessToJobObject CreateJobObjectW GetLastError CreateProcessW GetStartupInfoA |
| msvcrt.dll |
free
__set_app_type ??3@YAXPEAX@Z _purecall ??2@YAPEAX_K@Z _wtol __CxxFrameHandler memset memmove memcpy _wcsnicmp memcmp strncpy wcsncpy wcsncmp strncmp ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z _beginthreadex _CxxThrowException wcsstr _fmode realloc malloc __dllonexit _onexit ??1type_info@@UEAA@XZ __C_specific_handler _XcptFilter _c_exit _exit _cexit exit _acmdln __getmainargs _initterm __setusermatherr _commode ?terminate@@YAXXZ |
Delayed Imports
1
2
3
4
5
6
101
1 (#2)
1 (#3)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 2.0.0.0 |
| ProductVersion | 2.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | UNKNOWN |
| CompanyName | WhiteDeath & Co |
| FileDescription | Crack for Acrobat Pro x64 |
| FileVersion (#2) | 2.0.0.0 |
| InternalName | Crack for Acrobat Pro x64 |
| LegalCopyright | WhiteDeath & Co |
| OriginalFilename | crack.exe |
| ProductName | Crack for Acrobat Pro x64 |
| ProductVersion (#2) | 2.0.0.0 |
| Resource LangID | UNKNOWN |
|---|