xone[.]crack[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

xone.crack.rar
Size

1.7MB
MD5

2296fb98f59c1838a2d0be321d48d75a
SHA1

dfd35f27d572c07d55bef988dc2e039d47315f47
SHA256

841f53fc09a19fc5edd5e18ef724432e14abadbd3aa040c248b2daeb84c98ab5
SHA512

1bd577a3340281bed1c1cde6ee65eae31f11994e67fa7a594fecef6d31e36589ff495d46a8daff41ae15f185fbefd88c49d8042ca8ed0d536f4bd868bef8ebf6
SSDEEP

49152:UWm6d5sOY8JFCXBqKkcKdJKG900cMfx3J48HTWronskPZ:06rsECXmcysGGUfJ6QT1R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/xone.crack.exe

resource
unpack001/xone.crack.exe

Files

xone.crack.rar
.rar
injectorPH.dll
timesubscription 365.c
xone.crack.exe
.exe windows:6 windows x64 arch:x64

0732d7690b2d96c7523b65bfa244b932

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

DecryptMessage
AcceptSecurityContext
EncryptMessage
ApplyControlToken
DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
InitializeSecurityContextW
AcquireCredentialsHandleA
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeCredentialsHandle
LsaEnumerateLogonSessions

kernel32

GetSystemInfo
GetFileInformationByHandle
GetModuleHandleA
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
CreateThread
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
DuplicateHandle
CopyFileExW
SetHandleInformation
OpenProcess
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
VirtualQueryEx
GetDriveTypeW
SetFileCompletionNotificationModes
GetDiskFreeSpaceExW
DeviceIoControl
GlobalMemoryStatusEx
GetQueuedCompletionStatusEx
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
Sleep
GetSystemDirectoryA
GetEnvironmentVariableA
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
MoveFileExA
CreateFileA
GetFileSizeEx
ReadFile
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
CreateIoCompletionPort
CancelIoEx
PostQueuedCompletionStatus
SleepConditionVariableSRW
SwitchToThread
GetModuleHandleW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
DeleteFileW
GetFileInformationByHandleEx
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetLogicalDrives
GetTickCount64
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserPreferredUILanguages
ReleaseSRWLockExclusive
GetLastError
WakeConditionVariable
AcquireSRWLockExclusive
WakeAllConditionVariable
CloseHandle
IsDebuggerPresent
GetVolumeInformationW

advapi32

SystemFunction036
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken

ws2_32

WSACloseEvent
recv
shutdown
getpeername
getsockopt
ioctlsocket
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSAEnumNetworkEvents
WSASocketW
WSAIoctl
WSASend
setsockopt
WSAEventSelect
recvfrom
WSAGetLastError
closesocket
send
getsockname
WSACreateEvent
WSAResetEvent
WSASetLastError
WSAWaitForMultipleEvents
htons
socket
ntohs
listen
htonl
accept
select
__WSAFDIsSet
bind
connect
WSARecv
WSAGetOverlappedResult

crypt32

CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertOpenStore
CryptStringToBinaryA
CryptUnprotectData
CertFindCertificateInStore
CertFindExtension

oleaut32

SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
VariantClear
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayAccessData

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCloseQuery

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable
GetAdaptersAddresses

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree
NetUserEnum

user32

GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW

gdi32

DeleteDC
CreateDCW
CreateCompatibleDC
DeleteObject
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoTaskMemFree

bcrypt

BCryptGenRandom

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCreateFile
RtlGetVersion
NtQueryInformationProcess
NtQuerySystemInformation

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

memset
__CxxFrameHandler3
memmove
memcmp
strchr
strrchr
strstr
memchr
__C_specific_handler
__current_exception
__current_exception_context
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
strncpy
strcpy
wcslen
isupper
strpbrk
tolower
strncmp
strlen
strspn
strcspn

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
free
_msize
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
__p___argc
__sys_errlist
_exit
exit
_register_onexit_function
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_c_exit
__sys_nerr
_set_app_type
_seh_filter_exe
_endthreadex
_register_thread_local_exe_atexit_callback
_errno
_wassert
abort
_crt_atexit
terminate
_configure_narrow_argv
_beginthreadex
_initterm_e
__p___argv

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
atoi
strtoul
wcstombs

api-ms-win-crt-stdio-l1-1-0

_open
_lseeki64
fopen
fflush
fgets
feof
_read
__stdio_common_vsscanf
ftell
_set_fmode
__p__commode
fclose
__acrt_iob_func
fread
fseek
_close
fputs
_write
fwrite
fputc
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64
_localtime64_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_stat64
_fstat64

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0732d7690b2d96c7523b65bfa244b932

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

oleaut32

pdh

iphlpapi

netapi32

user32

gdi32

ole32

bcrypt

shell32

ntdll

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 26KB - Virtual size: 30KB

.pdata Size: 90KB - Virtual size: 89KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 26KB - Virtual size: 30KB

.pdata
Size: 90KB - Virtual size: 89KB

.reloc
Size: 29KB - Virtual size: 29KB