crark55[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

crark55.rar
Size

515KB
MD5

1575e523533033fbf5030910e434a0c7
SHA1

c05d3e840c127bb4710bf0abf6a09635157b5bcf
SHA256

d961c385fb9c6ee30ce18c8192ba96e1f1fa9bd8fc1362acca143df1f7360f6d
SHA512

5e1c1ce4c8501aac81cf651586940b699ddc2791d416603ee185c01ca309e503ec393e0ccf56e9f6727d65a375464078ff4c3eb0d2568e0c314c2d9dca5b4a86
SSDEEP

12288:1ABj25tTKbisPDIq9mH4SUX9x62fZMjbnks+M9HetZyCVv:1l5tTK2ploD6cZMjbnP+0HeXyCVv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cRARk.exe

Files

crark55.rar
.rar
cRARk.exe
.exe windows:6 windows x64 arch:x64

1784ce550202c85cb3e0af01647dbfc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
Sleep
WideCharToMultiByte
GetLastError
FormatMessageW
LocalFree
GetCurrentDirectoryW
SetConsoleCtrlHandler
SetLastError
GetLongPathNameW
GetShortPathNameW
MoveFileW
CloseHandle
CreateFileW
FlushFileBuffers
ReadFile
SetFilePointer
SetEndOfFile
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetPriorityClass
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetSystemTime
MultiByteToWideChar
CompareStringW
GetCPInfo
IsDBCSLeadByte
RtlVirtualUnwind
HeapSize
GetFileSizeEx
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
SetFilePointerEx
GetCurrentProcess
SetErrorMode
ReadConsoleW
WriteConsoleW
GetStdHandle
WriteFile
GetConsoleMode
GetFileType
GetModuleFileNameW
SetStdHandle
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
LoadLibraryA
GetThreadLocale
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
RtlUnwind

user32

CharLowerW
ExitWindowsEx
CharUpperW
OemToCharBuffA
CharToOemBuffW
CharToOemBuffA
CharToOemA
MessageBeep

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

Sections

.text
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_DATA1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cRARk.html
.html .ps1 polyglot
crackme.def
crark.rus.txt
.ps1
driver-timeout.reg
english.def
file_id.diz
french.def
german.def
greek.def
.ps1
hebrew.def
rarcrypt30-cl.dll
rarcrypt50-cl.dll
readme
readme.rus.txt
russian.def
spanish.def
turkish.def
ukranian.def
.ps1
versions.txt

Sharing

General

Malware Config

Signatures

Files

1784ce550202c85cb3e0af01647dbfc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 674KB - Virtual size: 674KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 18KB - Virtual size: 548KB

.pdata Size: 15KB - Virtual size: 14KB

_DATA1 Size: 10KB - Virtual size: 10KB

_RDATA Size: 5KB - Virtual size: 4KB

.trace Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 674KB - Virtual size: 674KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 18KB - Virtual size: 548KB

.pdata
Size: 15KB - Virtual size: 14KB

_DATA1
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 5KB - Virtual size: 4KB

.trace
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB