01001101 01000001 01001100 01010111 01000001 01010010 01000101

x86 Assembly

push    ebp
mov     ebp, esp
sub     esp, 0x28
call    GetModuleHandleA
xor     eax, eax
push    0x6C6C642E
call    LoadLibraryA
mov     [ebp-0x4], eax

Binary

4D 5A 90 00 03 00 00 00
04 00 00 00 FF FF 00 00
B8 00 00 00 00 00 00 00
40 00 00 00 00 00 00 00
50 45 00 00 4C 01 03 00
E8 00 00 00 00 83 C4 04

C++ Malware

#include <windows.h>

void inject(HANDLE hProc) {
    LPVOID addr = VirtualAllocEx(
        hProc, NULL, 0x1000,
        MEM_COMMIT, PAGE_RWX
    );
    WriteProcessMemory(hProc,
        addr, shellcode, len, NULL);
}

CRACKED

Malware Analysis Research Platform

Hacking Minds, Not Just Malware.
CRACKMALWARE.

A research platform for malware analysis, reverse engineering, and technical documentation. For verified analysts only.

Explore Research Become an Analyst

CVE Intelligence

Latest malware-related vulnerabilities

Live Feed

Updated hourly

CVE-2026-2558
Medium
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-2557
Medium
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-2556
Medium
A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-15577
High
An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.

Featured Research

Top analyses from verified analysts

laz

Malvertising Through “Audio Tools”: A Technical Analysis of a Stealer Campaign Delivered via Fake Voice Software

This article documents a real-world investigation into a malware distribution campaign masquerading as legitimate audio-enhancement software. The campaign leverages social engineering on Discord, professionally designed websites, and Electron-based loaders to deploy a modular information stealer. The analysis covers initial contact, infrastructure abuse, static and behavioral indicators, configuration artifacts, command-and-control (C2) logic, and underground commercialization. All sensitive actor identifiers have been intentionally redacted to comply with responsible disclosure and publication standards.

226 5

View All Research

What is Crackmalware?

Deep Analysis

Publish detailed technical malware analyses with code, disassembly, and behavioral data.

Verified Analysts

Only verified researchers can publish. Quality over quantity, always.

Reputation System

Build your reputation through peer review, likes, and quality contributions.

Hacking Minds, Not Just Malware. CRACKMALWARE.