File name: Crack.exe
Full analysis: https://app.any.run/tasks/74271fa5-8338-49f6-9af3-75641a5aa865
Verdict: Malicious activity
Analysis date: October 05, 2022, 07:36:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: D11703A98E17FD05A0157B88572481A0
SHA1: 23C73D7B569B50847022383F90789D3F35E72F50
SHA256: 732CEA9B7E280D864E7134D27B8B8384D44C09100D6557AEDFC17841838E3F3E
SSDEEP: 49152:72RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrDEKhPlGRr4B0aQ7Kitf:iyn/+GDhOcSb8HDhrK8rwGlGRr4k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the machine GUID from the registry

      • Crack.exe (PID: 3148)
    • Reads Internet Settings

      • Crack.exe (PID: 3148)
  • INFO

    • Checks supported languages

      • Crack.exe (PID: 3148)
    • Creates a file in a temporary directory

      • Crack.exe (PID: 3148)
    • Reads the computer name

      • Crack.exe (PID: 3148)
    • Creates files in the user directory

      • Crack.exe (PID: 3148)
    • Process checks LSA protection

      • Crack.exe (PID: 3148)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2015-May-26 07:26:46
Detected languages:
  • English - United States
Debug artifacts:
  • none
CompanyName: Adobe Systems Incorporated
FileDescription: Bootstrapper Application
FileVersion: 9.0.0.100
InternalName: Bootstrapper
LegalCopyright: Copyright 2009-2015 Adobe Systems Incorporated. All rights reserved.
OriginalFilename: Bootstrapper.exe
ProductName: Bootstrapper Application
ProductVersion: 9.0.0.100

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: -
e_cparhdr: 4
e_minalloc: -
e_maxalloc: 65535
e_ss: -
e_sp: 184
e_csum: -
e_ip: -
e_cs: -
e_ovno: -
e_oemid: -
e_oeminfo: -
e_lfanew: 280

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 5
TimeDateStamp: 2015-May-26 07:26:46
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
.text | 4096 | 1797012 | 1797120 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.60369
.rdata | 1802240 | 429636 | 430080 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.89554
.data | 2232320 | 72876 | 37888 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.94255
.rsrc | 2306048 | 54992 | 55296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.13046
.reloc | 2363392 | 145520 | 145920 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.50465

Resources

Title | Entropy | Size | Codepage | Language | Type
1 | 7.95711 | 17808 | UNKNOWN | English - United States | RT_ICON
2 | 4.84949 | 9640 | UNKNOWN | English - United States | RT_ICON
3 | 5.22542 | 4264 | UNKNOWN | English - United States | RT_ICON
4 | 5.27518 | 1128 | UNKNOWN | English - United States | RT_ICON
5 | 3.17318 | 1128 | UNKNOWN | English - United States | RT_ICON
6 | 3.17318 | 1128 | UNKNOWN | English - United States | RT_ICON
7 | 3.02695 | 308 | UNKNOWN | English - United States | RT_CURSOR
8 | 2.74274 | 180 | UNKNOWN | English - United States | RT_CURSOR
9 | 2.34038 | 308 | UNKNOWN | English - United States | RT_CURSOR
10 | 2.34004 | 308 | UNKNOWN | English - United States | RT_CURSOR

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
IMM32.dll
KERNEL32.dll
MSIMG32.dll
OLEACC.dll
OLEAUT32.dll
SHELL32.dll
SHLWAPI.dll
No data.
Total processes: 33
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start crack.exe

Process information

PID | CMD | Path | Indicators | Parent process
3148 | "C:\Users\admin\AppData\Local\Temp\Crack.exe" | C:\Users\admin\AppData\Local\Temp\Crack.exe | | Explorer.EXE
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Bootstrapper Application
Exit code: 0
Version: 9.0.0.100
Total events: 332
Read events: 332
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3148 | Crack.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WindowsUpdate.log | text
MD5: CF091F7B9F33A6586B37C5270BC42BCB
SHA256: 0829244A5EAEF242AC8913798C3A1E5EFDB61816E627A8803478C78306EECB1B
3148 | Crack.exe | C:\Users\admin\AppData\Local\Temp\PDApp.log | text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
HTTP(S) requests: 0
TCP/UDP connections: 8
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3148 | Crack.exe | 54.208.106.222:443 | na1r.services.adobe.com | AMAZON-AES | US | unknown
 | | 54.208.106.222:443 | na1r.services.adobe.com | AMAZON-AES | US | unknown

DNS requests

Domain | IP | Reputation
na1r.services.adobe.com | 54.208.106.222, 54.174.187.14, 54.209.22.103 | whitelisted

Threats

No threats detected
No debug info