Behavioral task
behavioral1
Sample
crack1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
crack1.exe
Resource
win10v2004-20230220-en
General
Target: crack1.exe
Size: 12.7MB
MD5: f8e1807b535ba0de2341531d3d1ddfa0
SHA1: 86a68a4647ac27eaea4cea65b49f2b9aa6edf51f
SHA256: 3cfb801aec4c94aa04f67808f6f66507b331c6bdaa526f82469ea5960987ab87
SHA512: f48154c84f6add19d42aa17e500700884e55d2e5093759a35789f27dd32ca0588010223d21327a210e3bbc016b659da54db4409accd8ec2c4257734e8a9dcd38
SSDEEP: 393216:nVyPpEyMo//+JXHs79AEF9vVqHPeKSBKMMFlJg3:nVup39//7RJFFVqzfDJg3
Malware Config
Signatures
-
Processes:
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource crack1.exe
Files
-
crack1.exe.exe windows x86
38c6262acdcb4b92d2fd4d2e16a1258f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
wtsapi32
WTSSendMessageW
user32
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
Exports
Exports
Sections
.text Size: - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 687KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 13.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 12.7MB - Virtual size: 12.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ