January 24, 2023
How to tell if a crack is legit
- You need to download an EXE/COM file from the torrent. Ones with SCR files are BS (unless it's a pirated screensaver): a .scr is just a renamed executable, and it's a common lure.
- If the file is small enough, upload it to VirusTotal. If it's a big-name product, VT will say "File distributed by X". (pro tip: you can upload in bulk to VT by zipping everything up, letting it upload and scan, and going to the Relations tab, which lists the files inside the archive)
- Then download Strings (from Sysinternals) and extract it to the folder where the file was.
- Then download UPX and extract upx.exe next to Strings.
- Open a CMD in that folder (you can click the address bar and type cmd).
- Run these commands, where <setup.exe> is the name of the file and <ProductName> is the real product's name:
    upx -d "<setup.exe>"
    strings "<setup.exe>" | findstr /i UPX
    strings "<setup.exe>" | findstr /i http
    strings "<setup.exe>" | findstr /i BTC
    strings "<setup.exe>" | findstr /i AES
    strings "<setup.exe>" | findstr /i "<ProductName>"
  (findstr is case-sensitive without /i, so a plain "findstr http" misses HTTP://. Don't double-click the file at any point. upx -d rewrites the file in place, so work on a copy if you want to keep the original.)
- The first command will attempt to unpack the binary if it's compressed with UPX. Success is itself mildly suspicious, since a lot of malware is UPX-packed, though some legit installers are too, so don't judge on this alone.
- The 2nd command will check whether it's still packed with UPX. A successful unpack removes the UPX! marker, so if upx -d failed and there is still a UPX! string, the header was most likely patched to break the unpacker, which is a known malware trick (or at least it's a corrupted download).
- The 3rd command will check if it contains http. A legit installer normally only references the vendor's site and its update servers. If you see any weird URL, it's likely either ransomware or a stealer. Look the domain up on VirusTotal or a reputation service before touching it; if you do open it, do it in incognito from a VM and not from the machine you care about, because you're announcing your IP to whoever runs it. A C2 often answers a plain browser GET with an error like Method not allowed, but plenty of harmless APIs do the same, so treat that as one more hint and not as proof.
- The 4th command will check if it contains BTC, which is common across ransomware (wallet addresses and ransom notes).
- The 5th command will check if it contains AES, which is also common across ransomware. But this raises a lot of false positives, since any program that links a normal crypto library will have it too.
- The 6th command will check if it contains the product name, where <ProductName> is the actual product name. A real installer carries it in its version info; a "setup.exe" that never mentions the product it claims to install is a bad sign. Strings scans both ASCII and Unicode by default, which matters here because Windows version info is stored as Unicode.
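The same checks as one script, so the logic behind the upx/strings/findstr commands above is explicit. This is an added example, not code from the original post: it extracts ASCII and UTF-16 strings the way Strings does, looks for the UPX! marker and UPX0/UPX1 section names, searches case-insensitively for the keywords, pulls out full URLs instead of any "http" substring, and returns the hits plus the conclusions the post draws from them. The sample blob, the domain c2.example.invalid and the product name "ExampleApp" are made up for the demo; the function and variable names are my own.

```python
import re
import shutil
import subprocess
import sys
from typing import Dict, List, Optional

# Added example, not code from the original post: the post's upx/strings/findstr
# checks redone as one script so the logic (and its limits) is explicit.
# The sample blob and the product name "ExampleApp" are made up for the demo.


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len characters.
    Sysinternals Strings scans both by default; an ASCII-only scan would miss
    the version resource (ProductName etc.), which Windows stores as UTF-16."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    out = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    out += [m.group().decode("utf-16le") for m in utf16_re.finditer(data)]
    return out


def upx_markers(data: bytes) -> Dict[str, bool]:
    """Two independent UPX signs: the 'UPX!' magic in the packed header and the
    UPX0/UPX1 section names. A patched header that defeats 'upx -d' usually
    still leaves at least one of them behind."""
    return {"magic": b"UPX!" in data,
            "sections": b"UPX0" in data or b"UPX1" in data}


def try_upx_unpack(path: str) -> Optional[bool]:
    """Run 'upx -d' in place, as the post does. None if upx is not on PATH."""
    if shutil.which("upx") is None:
        return None
    return subprocess.run(["upx", "-d", path], capture_output=True).returncode == 0


def keyword_hits(strings: List[str], keywords: List[str]) -> Dict[str, List[str]]:
    """Case-insensitive substring search. findstr is case-sensitive unless given /i,
    so 'findstr http' alone misses 'HTTP://'."""
    hits: Dict[str, List[str]] = {k: [] for k in keywords}
    for s in strings:
        low = s.lower()
        for k in keywords:
            if k.lower() in low:
                hits[k].append(s)
    return hits


URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def triage(data: bytes, product_name: str, unpack_ok: Optional[bool] = None) -> Dict[str, object]:
    """Run the post's checks over one file image; unpack_ok is the 'upx -d' result."""
    strs = extract_strings(data)
    upx = upx_markers(data)
    hits = keyword_hits(strs, ["UPX", "http", "BTC", "AES", product_name])
    urls = sorted({u for s in strs for u in URL_RE.findall(s)})
    flags: List[str] = []
    if upx["magic"] and unpack_ok is False:
        flags.append("UPX! magic present but 'upx -d' failed: patched header or corrupt download")
    if urls:
        flags.append("embedded URLs (look them up, do not browse to them): " + ", ".join(urls))
    if hits["BTC"]:
        flags.append("BTC string present (typical of ransomware notes)")
    if hits["AES"]:
        flags.append("AES string present (weak signal: ordinary crypto libraries say it too)")
    if not hits[product_name]:
        flags.append("product name %r not found: not the installer it claims to be" % product_name)
    return {"upx": upx, "urls": urls, "hits": hits, "flags": flags}


def constructed_sample(product: str = "ExampleApp") -> bytes:
    """A made-up blob for the demo, not a real PE: MZ bytes, UPX section names and
    magic, a few ASCII strings and a UTF-16LE version-resource field."""
    blob = bytearray(b"MZ" + b"\x00" * 62)
    blob += b"UPX0" + b"\x00" * 4 + b"UPX1" + b"\x00" * 4
    blob += b"UPX!" + b"\x00" * 4
    blob += b"http://c2.example.invalid/gate.php" + b"\x00\x00"   # constructed URL
    blob += b"Send 0.5 BTC to recover your files" + b"\x00\x00"
    blob += b"AES-256-CBC" + b"\x00\x00"
    blob += "ProductName".encode("utf-16le") + b"\x00\x00"
    blob += product.encode("utf-16le") + b"\x00\x00"
    return bytes(blob)


if __name__ == "__main__":
    if len(sys.argv) > 2:                      # python triage.py setup.exe ProductName
        path, name = sys.argv[1], sys.argv[2]
        with open(path, "rb") as fh:
            result = triage(fh.read(), name, try_upx_unpack(path))
    else:                                      # no file given: run on the constructed sample
        result = triage(constructed_sample(), "ExampleApp", unpack_ok=False)
    print("UPX markers:", result["upx"])
    print("URLs:", result["urls"])
    for flag in result["flags"]:
        print("!", flag)
```

Run it with no arguments to see the checks fire on the constructed sample, or with a file path and the expected product name to run it on a real download (it calls upx -d on that file in place, exactly like the manual step, so point it at a copy). The URL regex is deliberately stricter than "findstr http" so you get complete addresses to look up rather than fragments.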