Multi-License Discount Quote

Change Region

English
Threat Database Cracks PUP.Crack.PC

PUP.Crack.PC

By CagedTech in Cracks, Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Crack.PC
Signature status: Hash Mismatch

Known Samples

MD5: d0c23073f7387333d10965c1f01e6a65
SHA1: 0026a4438e64570daaf577f88d08ba01f2411bc6
SHA256: DFB0AD0A1BB5F71B8E20223AD4267997C0638C4470033411B5501A270964F600
File Size: 8.59 MB, 8593872 bytes
MD5: 51478c80e6488f874794f511fddb432a
SHA1: e6661c85134dee014c725018de2cad89098b8e87
SHA256: 73C77287CE8C3EF02D741F95FA4E1B66DCBC5D6E0D136682A2FDB2988CC430CB
File Size: 7.32 MB, 7318480 bytes
MD5: 558895f062ec98577b2e329a62eec9d4
SHA1: d4092c62e5f4f90e3e49a556cf3fb022367e1c12
SHA256: 27A6797B6A93D328D12D0AC2D1987B724245EE9DB10A44D4EBC9BF0A169C83FB
File Size: 9.37 MB, 9374680 bytes
MD5: 5ef7e72c9536abad44fc5b1432d723d2
SHA1: af5cd48004fff7780f98639f3c4e3b8b23db36c1
SHA256: 1B36A51B91693822AB5DF1F135F52496D58327BB16825E573AA3631D09C32F5D
File Size: 7.34 MB, 7340032 bytes
MD5: c8cd91b515513107b5f6d80ecda71bae
SHA1: f0ee733743668f61fcd323177cde088f82c7608e
SHA256: EE68130EDE05B88E42555956EE298D379A8FA752FCF973A3DF0CA045B7903376
File Size: 8.59 MB, 8593872 bytes
Show More
MD5: d59c4387b19229fee2a1aeb7ae7a008c
SHA1: ea0303834ab1ab9c233875bdcb769cb6cb2a5236
SHA256: 8C7F868041D649D46238B31FF80DD1CC2961305D05D61B5FD1618707A112CA9E
File Size: 8.60 MB, 8596944 bytes
MD5: 492f5837e9d30cfba3240f174b0892f0
SHA1: 16f6015d1a659db66f6fe6cf8df49e82e4e47d2c
SHA256: F55E208BA7CF1C46E0C1138CF63010945CA41A59CC1FB1A919B9DB7B7BDC9BEE
File Size: 8.96 MB, 8958928 bytes
MD5: 49e285b47473636c0f4761782f9ed5c1
SHA1: 0cdb1b570a5f89c60c4091743810309b013dcc08
SHA256: 3FFD38EE6FEE1486A894DEF37512FF3D54CD15A025C20C703ABFC4F84A789635
File Size: 9.37 MB, 9373600 bytes
MD5: c0dc5450b0d04798fc05f223bdb6f760
SHA1: 956ea9a3c0b7adc08e269818545e58156abd9019
SHA256: E43D2947A0AE66A40910AD10D720B9A89FB2F6E0A245ABA0245CEFB9CDFAF6E7
File Size: 8.59 MB, 8593872 bytes
MD5: 4ee9dc9163955327115b5159463220a5
SHA1: ee9ac5bec9649f52a6e20d1572c43d32ef5e6ec1
SHA256: 88BDDC32147F187B7D05A740752935891D96A89C069D298C66903AD45BE4A21B
File Size: 7.89 MB, 7891928 bytes
MD5: 19ab67fc54116475a31713d7ae3f832a
SHA1: 3a1f3bf637237e71e7e50583bcbeedf9e9e4f126
SHA256: 1C510BC5CBF521E35215260853B5C94DC05BADECF51C4878EFDFC3BDC66DCEEE
File Size: 9.37 MB, 9373600 bytes
MD5: 328147a30fc6f0ba4af313b70f4f966b
SHA1: 300e4ee0d62bb52261c253363c25f0ff761b5923
SHA256: 5517BA17266A10A4FF4FA7F103F23AEEB71D2D1D63CF2AAEE9546C43A581BB3D
File Size: 8.41 MB, 8409768 bytes
MD5: d0d737763161c6ab64cdd635b9541b0e
SHA1: e6bd593e10c76ba6e43bdbb294d5910bfe04e8db
SHA256: 2325BF952D16D3CA38931F741CB252FD8CCDCE0B50C82902407ED1A82DBA0E1B
File Size: 8.31 MB, 8311520 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Adobe Systems Inc.
  • Adobe Systems Incorporated.
File Description
  • Acrobat Distiller
  • Acrobat Licensing Service
File Version
  • 23.8.20555.0
  • 23.8.20458.0
  • 23.8.20421.0
  • 23.6.20380.0
  • 23.3.20269.0
  • 23.3.20215.0
  • 23.1.20174.0
  • 22.3.20322.0
  • 22.3.20282.0
  • 22.3.20263.0
Show More
  • 22.2.20212.0
  • 21.11.20039.0
Internal Name
  • Acrobat Distiller
  • AcroTray
Legal Copyright
  • Copyright Adobe Systems Inc. 1984-2021
  • Copyright Adobe Systems Inc. 1984-2022
  • Copyright Adobe Systems Inc. 1984-2023
  • Copyright © Adobe Systems Inc. 1992-2023
Original Filename
  • acrodist.exe
  • AcroTray.exe
Product Name
  • AcroTray - Adobe Acrobat Distiller helper application.
  • Adobe Acrobat
Product Version
  • 23.8.20555.0
  • 23.8.20458.0
  • 23.8.20421.0
  • 23.6.20380.0
  • 23.3.20269.0
  • 23.3.20215.0
  • 23.1.20174.0
  • 22.3.20322.0
  • 22.3.20282.0
  • 22.3.20263.0
Show More
  • 22.2.20212.0
  • 21.11.20039.0

Digital Signatures

Signer Root Status
Adobe Inc. DigiCert EV Code Signing CA (SHA2) Hash Mismatch
Adobe Inc. DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Hash Mismatch

File Traits

  • CryptUnprotectData
  • dll
  • x64

Block Information

Total Blocks: 21,600
Potentially Malicious Blocks: 12,436
Whitelisted Blocks: 9,164
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 x x 0 0 x x x 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x 0 0 x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 1 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 1 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 1 0 x 0 x 0 0 0 0 0 x 0 x 0 0 x 0 x 0 x 0 0 x 0 0 x x 0 x x x 0 0 0 x 0 0 x 0 0 x 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x x x 0 x x 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 1 0 x x 0 0 0 0 0 x x 0 x x x 0 0 0 x x x 0 x x 0 x 0 0 0 0 x x x 0 0 0 x x x 0 x x x 0 x x x 0 0 0 x x x x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 1 0 0 0 1 0 0 1 0 0 0 x x x 0 0 x 0 0 x 0 0 0 x 0 0 0 0 x 0 x 0 0 x x 0 0 0 x 0 0 0 x x 0 0 0 0 x x 0 0 x 0 x 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 x 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x x 0 0 x 0 x x x x 0 x 0 0 x 1 0 0 0 x 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 x x x x x x 0 x x x x x x x 0 0 x x x 0 x x x x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 x x x x x x x 0 x x x x x x x x 0 x x x x x x 0 0 0 x x 0 0 x x x x 0 0 x x x 0 0 x x x x 0 x 0 x x x x 0 x 0 x x 0 x 0 0 x 0 x x x x 0 x 0 0 0 0 x x x x x x x 0 x 0 x 0 0 0 x x 0 0 x x x x x x 0 x 0 x x x x x x 0 x x x x x x x x 0 x x 0 x x x x x x x x x x 0 x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 x 0 0 0 0 0 0 x 0 x 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 x 0 0 0 0 0 x 0 0 x 0 0 0 x x x 0 0 x 0 0 0 0 0 x 1 0 0 0 0 0 0 0 x 0 x x x x x x x x x x 0 0 0 0 0 x x x x 0 0 0 0 x x x 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 x 0 0 0 x 0 x x x 0 0 0 0 0 x 0 0 x 0 x x 0 x x 0 x 0 x 0 0 0 0 x 0 x 0 0 0 0 x x x x x x x x x 0 x 0 x 0 x x x 0 x 0 0 0 x 0 x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 x 0 0 x 0 x x x 0 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 x x 0 x 0 x x 0 0 x x 0 0 x x x 0 0 x 0 x x 0 0 x x 0 0 0 0 0 x x 0 0 x 0 x x x x x 0 0 0 x x x 0 0 0 0 0 0 x x 0 x 0 0 0 1 0 0 0 x 0 x 0 x 0 0 0 x 0 x x x x x x x 0 x x x 0 x 0 0 0 0 0 0 0 x x x x x x x x 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x 0 0 0 x 0 0 x x x 0 0 x x 0 x 0 0 x 0 0 0 1 x x x 0 x x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x 0 0 0 x x x x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Crack.PC

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\distngllog.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ngl Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\adobe\adobe acrobat\dc\adobeviewer::launched  RegNtPreCreateKey
HKLM\software\adobe\adobe acrobat\dc\adobeviewer::launched  RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\adobeviewer::eulaacceptedforbrowser  RegNtPreCreateKey
HKLM\software\adobe\adobe acrobat\dc\adobeviewer::eulaacceptedforbrowser  RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sappentitlementstatus 低䅖啌E RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::suseremail RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::suserguid RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sdeviceid RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sproductversion 12.0 RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sproductname 摁扯⁥捁潲慢t RegNtPreCreateKey
Show More
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sproductguid ACROBAT_GUID_NGL_DUMMY RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::sproductguid ACRO_RESIDUE RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::bisdatavalidforngl  RegNtPreCreateKey
HKCU\software\adobe\adobe acrobat\dc\aventitlement::ientitlementlevel  RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
Show More
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerNameEx
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest

Trending

Most Viewed

Loading...