GecisKodu CrackMe

malware analysis crackme
GecisKodu.exe is a ‘Crack-Me’ written in Turkish. It poses no threat to the system.
Filename: GecisKodu.exe
MD5: a97be81ad69ea8656da07042b82a7339
Sample: None
Video: None

DETAILS

The purpose of this program is for the user to enter a correct key to solve the puzzle. In the cyber world this type of program is called a ‘Crack Me’. It is intended for users to practice reverse engineering or cracking software. 


Incorrect input results in the following text:
Original: Yavas ol, once dusun sonra hareket et !!!
Translation: Slow down, think first, then act !!!

Correct input results in:
Original: Tebrikler, dogru kodu girdiniz yolunuz acik olsun …
Translation: Congratulations, you have entered the correct code, may your path be clear …

Solving the puzzle requires the following key:
Key: Fl4g_HSVI_1126


DETECTION

Due to the benign nature of this file, detection is unnecessary. However, if your organization classifies this type of activity under ‘potentially unwanted programs’, the following YARA signature will detect it:

rule GecisKodu
{
    strings:
        // ASCII bytes of the success message: "Tebrikler, dogru kodu girdiniz yolunuz acik olsun ..."
        $str1 = {54 65 62 72 69 6B 6C 65 72 2C 20 64 6F 67 72 75 20 6B 6F 64 75 20 67 69 72 64 69 6E 69 7A 20 79 6F 6C 75 6E 75 7A 20 61 63 69 6B 20 6F 6C 73 75 6E 20 2E 2E 2E}
    condition:
        all of them
}
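
An added triage example, not part of the original post: the Python below applies the page's MD5 and the rule's hex string to a buffer, and goes one step beyond the rule by also checking a UTF-16LE encoding of the same text, which a hex string does not match. The function names and the sample buffers are constructed for illustration; whether any build stores the message as a wide string is an assumption.

```python
import hashlib

# Indicators copied from the page.
KNOWN_MD5 = "a97be81ad69ea8656da07042b82a7339"
STR1 = bytes.fromhex(
    "54 65 62 72 69 6B 6C 65 72 2C 20 64 6F 67 72 75 20 6B 6F 64 75 20"
    " 67 69 72 64 69 6E 69 7A 20 79 6F 6C 75 6E 75 7A 20 61 63 69 6B 20"
    " 6F 6C 73 75 6E 20 2E 2E 2E"
)
# Same text as UTF-16LE; a YARA hex string only matches the exact bytes above.
STR1_WIDE = STR1.decode("ascii").encode("utf-16-le")


def triage(data: bytes) -> dict:
    """Report which of the indicators a buffer matches."""
    return {
        "md5": hashlib.md5(data).hexdigest() == KNOWN_MD5,
        "str1_ascii": STR1 in data,      # equivalent to the rule's condition
        "str1_wide": STR1_WIDE in data,  # assumption: possible variant encoding
    }


def verdict(data: bytes) -> str:
    """Collapse the indicator hits into one triage label."""
    hits = triage(data)
    if hits["md5"]:
        return "exact sample (MD5)"
    if hits["str1_ascii"]:
        return "rule match (string only, different build or repack)"
    if hits["str1_wide"]:
        return "wide string only (rule as written would miss this)"
    return "no match"


# Constructed buffers standing in for files; none is the real binary.
SAMPLE_ASCII = b"MZ" + b"\x00" * 64 + STR1 + b"\x00"
SAMPLE_WIDE = b"MZ" + b"\x00" * 64 + STR1_WIDE + b"\x00\x00"
SAMPLE_CLEAN = b"MZ" + b"\x00" * 64 + b"Hello, world\x00"

if __name__ == "__main__":
    for name, buf in [("ascii", SAMPLE_ASCII), ("wide", SAMPLE_WIDE),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, "->", verdict(buf))
```

The MD5 identifies only the exact file analysed here, while the string check keeps matching if the binary is rebuilt or its other bytes change.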


CONCLUSION

GecisKodu.exe could be classified under ‘potentially unwanted programs’ due to its cracking affiliation; however, it poses no security risk to systems.