PUP.Crack.KB

Analysis Report

General information

Family Name: PUP.Crack.KB
Signature status: Hash Mismatch

Known Samples

MD5: 5a7d4c08f60c8673a40ed59f2735b58d
SHA1: bb7cb89109bba6160115efee8d0bbc4cecbb08c0
SHA256: 7EE2C000166735FD9ECCBAA0ABEDDBA984633B35D3C678838B9E71BD388CF008
File Size: 958.65 KB, 958648 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: MAXON Computer GmbH
File Description: Cinema 4D
File Version: 1.0.0.1
Internal Name: Cinema 4D
Legal Copyright: MAXON Computer GmbH. All rights reserved.
Original Filename: Cinema 4D.exe
Product Name: Cinema 4D
Product Version: 1.0.0.1

Digital Signatures

Signer: Maxon Computer GmbH
Root: Maxon Computer GmbH
Status: Hash Mismatch

File Traits

  • fptable
  • x64

Block Information

Total Blocks: 1,426
Potentially Malicious Blocks: 13
Whitelisted Blocks: 1,412
Unknown Blocks: 1

Files Modified

File Attributes
c:\program files\maxon cinema 4d 2024\c4dpy.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2024\c4dpy.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d team render client.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d team render client.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d team render server.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d team render server.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2024\cinema 4d.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2024\commandline.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2024\commandline.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2025\c4dpy.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2025\c4dpy.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d team render client.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d team render client.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d team render server.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d team render server.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2025\cinema 4d.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2025\commandline.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2025\commandline.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2026\c4dpy.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2026\c4dpy.exe.local\wintrust.dll Generic Write,Read Attributes
c:\program files\maxon cinema 4d 2026\cinema 4d team render client.exe.local Synchronize,Write Attributes
c:\program files\maxon cinema 4d 2026\cinema 4d team render client.exe.local\wintrust.dll Generic Write,Read Attributes
c:\programdata\maxon\rlm\maxon.lic Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\environment::redshift_license C:\ProgramData\Maxon\RLM\Maxon.lic RegNtPreCreateKey
HKLM\system\controlset001\control\session manager\environment::redshift_license C:\ProgramData\Maxon\RLM\Maxon.lic RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\image file execution options::devoverrideenable  RegNtPreCreateKey
HKLM\system\controlset001\control\ci\policy::bootupgradedsystem  RegNtPreCreateKey
HKLM\system\controlset001\control\ci\policy::upgradedsystem  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Service Control
  • OpenSCManager
  • OpenService
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
Process Terminate
  • TerminateProcess

Shell Command Execution

taskkill /F /IM "MxNotify.exe"
WriteConsole: ERROR: The proce
taskkill /F /IM "Maxon.exe"
WriteConsole: ERROR: The proce
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2024\c4dpy.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2024
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2024\c4dpy.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D Team Render Client.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2024
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D Team Render Client.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D Team Render Server.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2024
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D Team Render Server.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2024
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2024\Cinema 4D.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2024\Commandline.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2024
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2024\Commandline.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2025\c4dpy.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2025
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2025\c4dpy.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D Team Render Client.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2025
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D Team Render Client.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D Team Render Server.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2025
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D Team Render Server.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2025
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2025\Cinema 4D.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2025\Commandline.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2025
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2025\Commandline.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2026\c4dpy.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2026
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2026\c4dpy.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2026\Cinema 4D Team Render Client.exe.local" /D /S
WriteConsole: Path not found -
WriteConsole: Cinema 4D 2026
rmdir /S /Q "C:\Program Files\Maxon Cinema 4D 2026\Cinema 4D Team Render Client.exe.local"
attrib -H -S "C:\Program Files\Maxon Cinema 4D 2026\Cinema 4D Team Render Server.exe.local" /D /S
