crack.exe

The executable crack.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetworkNotifyer’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5: d1b2dbcfd1e0110b5fe2f71183094aea
SHA-1: 7f2931c60d3c975293b3f12580cf6135e1d7743e
SHA-256: c640a6534ab4152590b65196c0d51c4f84edd1080f24d93e4cb48930c6f6fbee
Scanner detections: 5 / 68
Status: Malware
Analysis date: 12/28/2024 12:56:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.DownLoader21.49927 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Zbot.202 | 11.5.0.6191 |
| F-Secure | Variant.Midie.10051 | 5.15.96 |
| Kaspersky | Trojan.Win32.Inject | 15.0.0.562 |
| Norman | Gen:Variant.Midie.10051 | 19.05.2016 05:17:13 |

File size: 1.1 MB (1,106,662 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\crack.exe

File PE Metadata
Compilation timestamp: 5/11/2016 5:43:31 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.1
CTPH (ssdeep): 24576:/s9mZ8yHPBX1FO/SL4bVDef9A6HDIzXRXhlm49IZLba7/w7+jaE7XAH9:/OmWyHJX1FO/SLddDIr7U56jb+9
Entry address: 0x5C30
Entry point: 55, 8B, EC, 6A, FF, 68, 00, 90, 40, 00, 68, 6A, 5E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, 90, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, F8, F8, 40, 00, 59, 83, 0D, E0, ED, 40, 00, FF, 83, 0D, F0, ED, 40, 00, FF, FF, 15, FC, F8, 40, 00, 8B, 0D, AC, ED, 40, 00, 89, 08, FF, 15, 00, F9, 40, 00, 8B, 0D, A8, ED, 40, 00, 89, 08, A1, 04, F9, 40, 00, 8B, 00, A3, D4, ED, 40, 00, E8, B8, 01, 00, 00, 39, 1D, 58, D5, 40, 00, 75, 0C, 68, 54, 5E, 40, 00, FF, 15, 38, F9...

Entropy: 7.9168
Developed / compiled with: Microsoft Visual C++
Code size: 36 KB (36,864 bytes)

Startup File (All Users Run)
Registry location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: NetworkNotifyer
Command: C:\users\{user}\downloads\crack.exe


The file crack.exe has been seen being distributed by the following URL.
