Ring Ø Labs DOES NOT advocate using any of the malware, techniques, or information presented here for harm and doing so may violate the law. These topics are for mitigation and educational purposes only.

Monday, July 24, 2017

GecisKodu CrackMe

GecisKodu.exe is a ‘Crack-Me’ written in Turkish. It poses no threat to the system.








RING Ø LABS
Malware Report


DETAILS

The purpose of this program is for the user to enter a correct key to solve the puzzle. In the cyber world this type of program is called a ‘Crack Me’. It is intended for users to practice reverse engineering or cracking software.

Incorrect input results in the following text:
Original: Yavas ol, once dusun sonra hareket et !!!
Translation: Be slow, think once and then move on !!!


Correct input results in:
Original: Tebrikler, dogru kodu girdiniz yolunuz acik olsun …
Translation: Congratulations, you have entered the correct code …


Solving the puzzle requires the following key:
Key: Fl4g_HSVI_1126



DETECTION


Due to the benign nature of this file, detection is unnecessary. However, if your organization classifies this type of activity under ‘potentially unwanted programs’, the following YARA signature will detect it:


rule GecisKodu
{
    strings:
        // ASCII bytes of the success message:
        // "Tebrikler, dogru kodu girdiniz yolunuz acik olsun ..."
        $str1 = { 54 65 62 72 69 6B 6C 65 72 2C 20 64 6F 67 72 75 20 6B 6F 64 75 20 67 69 72 64 69 6E 69 7A 20 79 6F 6C 75 6E 75 7A 20 61 63 69 6B 20 6F 6C 73 75 6E 20 2E 2E 2E }

    condition:
        all of them
}
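The following added example (not part of the original report) emulates the rule's single hex string in plain Python over constructed buffers, to show what the string decodes to and where the rule does and does not fire. The `tightened_rule` function, its MZ-header check, and the UTF-16LE variant are hypothetical illustrations, not part of the report's signature.

```python
"""Added example: what the GecisKodu rule's hex string matches, emulated in plain Python."""

# Hex string copied from $str1 in the rule on this page.
STR1_HEX = (
    "54 65 62 72 69 6B 6C 65 72 2C 20 64 6F 67 72 75 20 6B 6F 64 75 20 "
    "67 69 72 64 69 6E 69 7A 20 79 6F 6C 75 6E 75 7A 20 61 63 69 6B 20 "
    "6F 6C 73 75 6E 20 2E 2E 2E"
)
STR1 = bytes.fromhex(STR1_HEX)  # bytes.fromhex skips the spaces
STR1_WIDE = STR1.decode("ascii").encode("utf-16-le")  # same text, 2 bytes per char


def original_rule(data: bytes) -> bool:
    """Condition 'all of them' with the single ASCII hex string."""
    return STR1 in data


def tightened_rule(data: bytes) -> bool:
    """Hypothetical variant: require an MZ header, accept ASCII or UTF-16LE."""
    return data[:2] == b"MZ" and (STR1 in data or STR1_WIDE in data)


# Constructed sample buffers (not real files).
SAMPLES = {
    "pe_ascii": b"MZ" + b"\x00" * 64 + STR1 + b"\x00",
    "pe_wide": b"MZ" + b"\x00" * 64 + STR1_WIDE + b"\x00\x00",
    "text_note": b"notes: " + STR1 + b"\n",  # e.g. a write-up quoting the message
    "pe_other": b"MZ" + b"\x00" * 64 + b"unrelated",
}


def verdicts() -> dict:
    """Map sample name -> (original_rule result, tightened_rule result)."""
    return {n: (original_rule(b), tightened_rule(b)) for n, b in SAMPLES.items()}


if __name__ == "__main__":
    print("decoded $str1:", STR1.decode("ascii"))
    for name, (orig, tight) in verdicts().items():
        print(f"{name:10} original={orig!s:5} tightened={tight}")
```

The original condition fires on any file that contains the ASCII message, including a text file that merely quotes it, and misses a UTF-16LE copy of the same text.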


CONCLUSION

GecisKodu.exe could be classified under ‘potentially unwanted programs’ due to its cracking affiliation; however, it poses no security risk to systems.


FILE DETAILS

Filename: GecisKodu.exe
Packer: None
Hash: a97be81ad69ea8656da07042b82a7339
Status: BENIGN
Sample: Sample Unavailable