How to tell if a crack is legit

Guide

1. You need to download an EXE/COM file from the torrent. Ones with SCR files are BS (unless if it's a pirated screensaver)
2. If the file is small enough, upload it to VirusTotal. If it's a big name, it will say File distributed by X. (pro tip: you can upload in bulk to VT by zipping it up, let it upload and scan, and go to the Relations tab)
3. Then what you can do is download Strings and extract to where the file was.
4. Then download UPX, and extract upx.exe next to Strings
5. Open a CMD in to that folder (you can click the address bar and type cmd)
6. Run these commands:
7. upx -d "<setup.exe>"
8. strings "<setup.exe" | findstr UPX
9. strings "<setup.exe>" | findstr http
10. strings "<setup.exe>" | findstr BTC
11. strings "<setup.exe>" | findstr AES
12. strings "<setup.exe>" | findstr "ProductName"
13. where <setup.exe> is the name of the file.
14. The first command will attempt to extract the binary if it's compressed with UPX. This can raise suspicion if it was successful, since many malware will pack itself.
15. The 2nd command will check if it is indeed packed with UPX. If it failed and there is a UPX! string, it's most likely malware (or at least, a corrupted download)
16. The 3rd command will check if it contains http. If you see any weird URL, it's likely either ransomware or a stealer. However you can open them in incognito, and if you see an error like Method not allowed, it's likely a C2 server.
17. The 4th command will check if it contains BTC, which is common across ransomware.
18. The 5th command will check if it contains AES, which is also common across ransomware. But this can also raise a bunch of false positives.
19. The 6th command will check if it contains the product name, where ProductName should be replaced with the actual product name.