Windows Analysis Report
SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe

Overview

General Information

Sample name: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Analysis ID: 1532745
MD5: d9e95ae1bc04e66f7333eaf9079ae849
SHA1: dfaffbd0736b93665e702b24737b64647d70f03f
SHA256: 2fc46917a56f67b597fd3e56792a5e3a0a563c8bb9f4410adf209e0670be1f68
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 94.5% probability
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: XIEnumerator`1Int32KeyValuePair`2Dictionary`2<Module>IsValidUUIDSystem.IOCosturacostura.metadataFromArgbmscorlibSystem.Collections.GenericReadThreadLoadAddisAttachedInterlockedcostura.costura.pdb.compressedcostura.costura.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedcostura.colorful.console.dll.compressedcostura.newtonsoft.json.dll.compresseduuidsourceCompressionModeget_MessageExchangenullCacheIDisposableFileColorful.Consoleset_Titleget_NamefullNameGetNamerequestedAssemblyNameIsValidMinecraftUsernameusernameDateTimeReadLinePrintLineget_NewLineCombinecultureDisposeParseValidateWriteCompilerGeneratedAttributeGuidAttributeDebuggableAttributeComVisibleAttributeAssemblyTitleAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeCompilationRelaxationsAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyCompanyAttributeRuntimeCompatibilityAttributeByteget_ValueTryGetValueadd_AssemblyResolveRemoveCrackedLunarAccountTool.exeSetBufferSizeSetWindowSizeSystem.ThreadingSystem.Runtime.VersioningCultureToStringSystem.DrawingAttachIsMatchMathGetFolderPathlunarAcccountsPathget_LargestWindowWidthget_LengthEndsWithnullCacheLockCrackedLunarAccountToolColorfulReadStreamLoadStreamGetManifestResourceStreamDeflateStreamMemoryStreamstreamProgramget_Itemset_ItemSystemTrimJTokenMinMainAppDomainget_CurrentDomainFodyVersionSystem.IO.CompressiondestinationSystem.GlobalizationSystem.Reflectionset_PositionExceptionNewtonsoft.JsonLoadJsonSaveJsonStringComparisonjsonCopyToget_CultureInfoConsoleKeyInfoinfoSleepNewtonsoft.Json.LinqClearAssemblyLoaderSpecialFolderuserFoldersenderAccountManagerResolveEventHandlerEnterverToLowerColorcolorIEnumeratorGetEnumerator.ctor.cctorMonitorSystem.DiagnosticsSystem.Runtime.InteropServicesSystem.Runtime.CompilerServicesReadFromEmbeddedResourcesDebuggingModesGetAssembliesresourceNamessymbolNamesassemblyNamesget_Flags
AssemblyNameFlagsResolveEventArgsargsEqualsSystem.Text.RegularExpressionsSystem.CollectionsCrackedLunarAccountTool.HelpersConsoleHelpersRemoveCrackedAccountsViewInstalledAccountsRemoveAllAccountsRemovePremiumAccountsExistsConcatJObjectget_LargestWindowHeightop_Implicitop_ExplicitExitToLowerInvariantEnvironmentget_CurrentPrintCreateAccountCreateAccountPromptMoveNextReadAllTextWriteAllTexttextRemoveAccountsMenuPrintMenuget_NowRegexJArrayCrackedLunarAccountTool_ProcessedByFodyget_KeyReadKeyContainsKeyResolveAssemblyReadExistingAssemblyGetExecutingAssemblyop_EqualityIsNullOrEmpty7Cracked Lunar Account Tool INFO)Exiting the program. source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: Binary string: C:\Users\Whatify\Downloads\CrackedLunarAccountTool\src\CrackedLunarAccountTool\obj\Release\CrackedLunarAccountTool.pdb source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: Binary string: C:\projects\colorful-console\src\Colorful.Console\obj\Debug\net461\Colorful.Console.pdb source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618547656.0000000002430000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.0000000003611000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\colorful-console\src\Colorful.Console\obj\Debug\net461\Colorful.Console.pdbSHA256GtFR source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618547656.0000000002430000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.0000000003611000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6F8FE76A0D5297A4FA7D4F7054093411D51F71B1|2636 source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618289933.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618289933.00000000008E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertA9
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://james.newtonking.com/projects/json
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618289933.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/json
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

System Summary

Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.3615570.3.raw.unpack, DefaultFonts.cs Long String: Length: 12223
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.363d590.5.raw.unpack, DefaultFonts.cs Long String: Length: 12223
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.262d53c.1.raw.unpack, DefaultFonts.cs Long String: Length: 12223
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Code function: 0_2_00868591 0_2_00868591
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618547656.0000000002430000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameColorful.Console.dllB vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameColorful.Console.dllB vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.000000000363D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameColorful.Console.dllB vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000000.2353942809.00000000000FC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCrackedLunarAccountTool.exeP vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.00000000038AB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618289933.000000000089E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3618819478.0000000003611000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameColorful.Console.dllB vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, 00000000.00000002.3619383327.0000000004A50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Binary or memory string: OriginalFilenameCrackedLunarAccountTool.exeP vs SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal56.evad.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2812:120:WilError_03
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe "C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6F8FE76A0D5297A4FA7D4F7054093411D51F71B1|2636 source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe

Data Obfuscation

Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, AssemblyLoader.cs .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.4a50000.8.raw.unpack, DynamicUtils.cs .Net Code: CreateSharpArgumentInfoArray
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.4a50000.8.raw.unpack, LateBoundReflectionDelegateFactory.cs .Net Code: CreateDefaultConstructor
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.38ab830.6.raw.unpack, DynamicUtils.cs .Net Code: CreateSharpArgumentInfoArray
Source: 0.2.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.38ab830.6.raw.unpack, LateBoundReflectionDelegateFactory.cs .Net Code: CreateDefaultConstructor
Source: Yara match File source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe, type: SAMPLE
Source: Yara match File source: 0.0.SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe.90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.2353903090.0000000000092000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.3618763518.0000000002611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe PID: 4904, type: MEMORYSTR
Source: SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Static PE information: section name: .text entropy: 7.973854794324544
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Memory allocated: 860000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Memory allocated: 2610000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Memory allocated: 9D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe System information queried: CurrentTimeZoneInformation
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.HackTool.Win32.Crack.28815.11045.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos