CrackME[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CrackME.exe
Size

226KB
MD5

32c921ea06f6a611612c3a88c7e18dba
SHA1

abe2084e4db94cca6c9985dbc74dd69f055437fb
SHA256

8c86544a525f4c5015b7d1e9ac83b70b424a34f527886c185f50b4369d090be3
SHA512

440e72e3c30dc71a24cb596b70ca726f15945acf82591444d861bab3e074d51fd61d1f8325a8d25e87c6cf64231292fceeab7a01f8f22051f63c4a4d436740e1
SSDEEP

6144:EHoBs+HqbsqVnPTo+7lJs92xUG9ZbneOYK3e4:SXbFPxzs92xrrSOYK3p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CrackME.exe

Files

CrackME.exe
.exe windows:6 windows x86 arch:x86

806aa1bd208da3301a2c69a4aed6b12b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

SleepEx
DebugBreak
IsDebuggerPresent
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
UnhandledExceptionFilter
Process32Next
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
CloseHandle
CreateFileA
CreateToolhelp32Snapshot
GetModuleHandleA
Process32First
SetUnhandledExceptionFilter

user32

GetCapture
ScreenToClient
ClientToScreen
ReleaseCapture
UpdateWindow
SetCursorPos
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
LoadCursorA
GetClientRect
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
FindWindowA
DispatchMessageA
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
MessageBoxA
ShowWindow
GetWindowRect
SetWindowPos
DestroyWindow
IsChild

msvcp140

_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Query_perf_counter
_Thrd_detach

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140

memmove
memcpy
memchr
__std_exception_destroy
__std_exception_copy
__current_exception_context
memset
_except_handler4_common
strstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__current_exception

api-ms-win-crt-runtime-l1-1-0

_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
exit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
_beginthreadex
_controlfp_s
system
terminate
_crt_atexit
_set_app_type
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
ftell
fflush
fseek
fclose
_set_fmode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_sqrt_precise
_libm_sse2_acos_precise
_CIfmod
_libm_sse2_cos_precise
_libm_sse2_sin_precise
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

806aa1bd208da3301a2c69a4aed6b12b

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

msvcp140

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB