If you find yourself installing and running cracks and keygens that you’re downloading over Limewire, stop what you’re doing. First, stop using cracks and pirated software. Second, nothing is truly free.

Limewire users have been seeing various keygens offered over their P2P connections. Over the past few days, there have been multiple releases of AVG LICENSE KEY CRACK BY [SSG].ZIP, HALO KEYGEN BY [ZWT].ZIP, REALTEK AUDIO DRIVER CRACKED BY -=ROGUE=-.ZIP, and NERO 9 NO PATENT CRACK BY ZWT.ZIP. And surprise, surprise, all of these files come with a little treat inside, crack.exe. We’ve seen this sort of keygen package bundled with some severe malware in the past, and we continue to see downloaders and adware installed by this stuff.

Taking a quick look, we find that this dropper will disable the Windows Security Center and Firewall. It will then scan through the system32 directory, attempting to find a random dll name string to borrow from, and then select some digits from the system time to create its dropped dll name string, always ending with “32.dll”. For our ThreatExpert report, the malicious downloader file name created was “glu3232.dll”, and we can identify pieces of the code used to create a random portion of the name here:

and the concatenation of that semi-randomized string with “32.dll” here:
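A hunting heuristic built from the naming behaviour described above, as an added example that is not code from the original post or from the sample's disassembly. It assumes the borrowed string is the leading letters of another DLL in the same directory; the function name, regex and sample listing are constructed for illustration, and only "glu3232.dll" comes from the report.

```python
import os
import re
import sys

# Assumed shape of the dropped name, from the post's description:
# letters borrowed from an existing DLL + digits from the clock + "32.dll".
DROPPED_NAME = re.compile(r"^([a-z]+)(\d+)32\.dll$")


def suspicious_dlls(filenames):
    """Return (name, donors) pairs that fit the dropper's naming scheme."""
    names = sorted({f.lower() for f in filenames if f.lower().endswith(".dll")})
    hits = []
    for name in names:
        m = DROPPED_NAME.match(name)
        if not m:
            continue
        prefix = m.group(1)
        # Assumption: the borrowed string is the start of another DLL's name,
        # so a hit needs at least one different DLL sharing that prefix.
        donors = [n for n in names if n != name and n.startswith(prefix)]
        if donors:
            hits.append((name, donors))
    return hits


# Constructed sample listing; only glu3232.dll is taken from the post.
SAMPLE_LISTING = [
    "kernel32.dll", "user32.dll", "glu32.dll", "opengl32.dll",
    "ws2_32.dll", "msvcp60.dll", "GLU3232.DLL", "notes.txt",
]

if __name__ == "__main__":
    # Pass a directory (for example a mounted system32) or use the sample.
    listing = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LISTING
    for name, donors in suspicious_dlls(listing):
        print(f"{name}: fits dropped-name pattern, prefix shared with {donors}")
```

A hit is a lead for manual review (signature, creation time, what loads it), not a verdict, since a legitimate DLL could fit the same pattern.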


2 Responses to Crack.exe

  1. BRADLEY says:

    Even though my antivirus can't find this file, I used ad watch to see registry changes. It is always changing in registry and using your internet! I found the file locked, then used the repair console function on OS setup CD to remove the file glu3232.dll in DOS, since locked files don't lock in DOS. After that the internet was clear.

  2. BRADLEY says:

    ALSO FYI: I intentionally ran this file on a dummy PC to find its weakness, hey guys gotta have a hobby.
