Sometimes you have been told to whitelist the file to run the crack, as it is a false positive. Why is some AV detecting such a virus as "is containing virus"?
I know some of the cracks are fake files meant to crash your computer or steal some private information, but most of them are able to make the software run in full version.
I tried to run the crack in a sandbox and/or use some online service like FireAMP to analyze what files and registry entries are created, but usually there is nothing suspicious.
I think I shouldn't upload any crack sample here, but I bet if you know the answer to this question you should know where to download some samples. By the way, here are some of the VirusTotal scan reports: Link1, Link2, Link3
Edit: I can see that someone is voting to close this question for the reason "primarily opinion-based", but this is totally not primarily opinion-based. After looking at the suggested answer, the reason is "make their target not work as intended".
+1 for the answer, a good reason "make their target not work as intended." is equal to malware. – Bilo – 2016-07-04T17:58:23.883
And as a beautiful testament to theft, some of them do actually contain exploits, because, well, criminals like exploiting criminals because there's often no legal consequences. – Fiasco Labs – 2016-07-04T18:11:50.233
@FiascoLabs yep. I figured I didn't need to explain that, though, since OP said they knew that. – TheWanderer – 2016-07-04T18:12:37.467
Agreed with the post, with the mention that many cracked games actually perform better from a performance perspective due to the current excessive spamcode contained in the original files. SecuROM was a total failure and original games did not work for legit buyers, and nowadays the current protection drastically affects the performance of games. Perhaps the developers should make quality products instead of investing in something that works against legit users. – Overmind – 2016-07-05T08:05:32.313
I don't think this answer is correct. That same logic would apply to firewalls and antivirus software as well, and they are not detected as malware. (After all, antivirus software makes malware not work as intended.) Also, that's just not the definition of malware -- malware is software that does harm to the users or owners of a system. – David Schwartz – 2016-07-05T08:27:40.430
@DavidSchwartz In an objective sense, crack software does harm the system. It literally breaks functionality in the program or operating system so that the validation component no longer works. It may be good for whoever doesn't want to pay $500 for Photoshop, but it isn't good for Adobe. I don't agree with the firewall point. That doesn't actually change anything. It just blocks traffic. And I guess AV could be thought of as malware with the definition my tired brain decided on, but it isn't, since it has the user and the overall performance of the host in mind. – TheWanderer – 2016-07-05T11:21:14.637
The firewall prevents whatever program's traffic it blocks from working as intended. But, in any event, that isn't the definition of malware. Malware isn't software that does harm to programs -- antivirus does that and it's not malware -- malware is software that harms users and owners. It includes ransomware, spyware, viruses, worms, trojans, and so on. (You can confirm this with literally dozens of sources by punching "malware" into your favorite search engine.) – David Schwartz – 2016-07-05T11:23:37.457
@DavidSchwartz OK. I'll take that. But I think the answer still stands with that definition. Because, if the program no longer works as it should, because of an untrusted, unsigned program, it has a high potential of causing harm to the user. Even if it doesn't end up doing so, I don't think the AV can tell. – TheWanderer – 2016-07-05T11:25:59.180
@Zacharee1 Yes, that's the point. Not triggering on such programs is all downside and no upside. – David Schwartz – 2016-07-05T11:26:34.223