crack[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

crack.zip
Size

40.8MB
MD5

ccee2594fdc1b36910f39815dafd0ae2
SHA1

1aa94d921444f9ca6d1a93b6c4a6e217cb87a33f
SHA256

eb930d5b1c94559c91e3640c0f5e29ea8bb39958e6c271be0e563595ee9bb595
SHA512

3f510ec4e8c6e089ba148138fd6f87dc016f2b32887821be78e3badd01187cce831292e75936594be24f35932a7abaaaa9f5aae29a9e1569c90ec181fe34a7bf
SSDEEP

786432:0exbCNWyyBGcmhlWZUbn0tQGHsFslKbcmULtO/LhzIZWPFe36FVSHR+d8eNtGO:N4QUcUv0yGHsfHULA/LhzIwPI32QHR+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RedGiant Activation Service Unlocker.exe
unpack001/libmanager.db

Files

crack.zip
.zip
Maxon_App_3.1.1_Win.exe
.exe windows x86

3764040f14dce7c10295b2086d0b20f8

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2021, 00:00

Not After

13/08/2024, 23:59

Subject

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e1:6b:71:98:fc:65:29:34:87:79:94:4e:10:e2:5a:3d:3e:64:75:d4
Signer

Actual PE Digest

e1:6b:71:98:fc:65:29:34:87:79:94:4e:10:e2:5a:3d:3e:64:75:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

24/06/2022, 01:24
Valid: true

Chain 1

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

CloseHandle
GetStartupInfoA
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
WaitForSingleObject

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RedGiant Activation Service Unlocker.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.addImp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
libmanager.db
.dll windows x86

6378538b8a02b86e1046fa503f781625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

ExitProcess
CloseHandle
GetCommandLineW
GetModuleFileNameW
CreateThread
WriteFile
GetTempPathW
SetHandleInformation
CreatePipe
CreateProcessW
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetFileAttributesW
GetTempFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
FormatMessageA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
HeapValidate
GetSystemInfo
GetCurrentThread
GetStdHandle
GetFileType
OutputDebugStringW
WriteConsoleW
SetConsoleCtrlHandler
HeapReAlloc
HeapSize
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
SetEndOfFile

advapi32

RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
GetTokenInformation
RegQueryInfoKeyW
RegCreateKeyExW

shell32

CommandLineToArgvW
ShellExecuteW

user32

GetSystemMetrics

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantClear
VariantInit
CreateErrorInfo
SysAllocString

Exports

Exports

dkmiqQIpjvkw

Sections

.textbss
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.ini

Sharing

General

Malware Config

Signatures

Files

3764040f14dce7c10295b2086d0b20f8

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1cCertificate

Extended Key Usages

Key Usages

e1:6b:71:98:fc:65:29:34:87:79:94:4e:10:e2:5a:3d:3e:64:75:d4Signer

Signature Validations

Verification

24/06/2022, 01:24 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

shell32

msvcrt

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 8KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 78KB - Virtual size: 78KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 718KB - Virtual size: 717KB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 36KB - Virtual size: 36KB

.addImp Size: 4KB - Virtual size: 4KB

6378538b8a02b86e1046fa503f781625

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

shell32

user32

ole32

oleaut32

Exports

Exports

Sections

.textbss Size: - Virtual size: 660KB

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 254KB - Virtual size: 254KB

.data Size: 22KB - Virtual size: 28KB

.idata Size: 5KB - Virtual size: 4KB

.msvcjmc Size: 1024B - Virtual size: 658B

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

e1:6b:71:98:fc:65:29:34:87:79:94:4e:10:e2:5a:3d:3e:64:75:d4
Signer

24/06/2022, 01:24
Valid: true

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 8KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 78KB - Virtual size: 78KB

.text
Size: 718KB - Virtual size: 717KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 36KB - Virtual size: 36KB

.addImp
Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 660KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 254KB - Virtual size: 254KB

.data
Size: 22KB - Virtual size: 28KB

.idata
Size: 5KB - Virtual size: 4KB

.msvcjmc
Size: 1024B - Virtual size: 658B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1024B - Virtual size: 806B

.reloc
Size: 48KB - Virtual size: 47KB