Summary | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2013-Jun-28 14:45:44 |
Detected languages | English - United States |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains another PE executable: |
Info | Cryptographic algorithms detected in the binary: | Uses known Mersenne Twister constants |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource ARCHIVE is possibly compressed or encrypted. Resource DECOMPRESSOR detected as a PE Executable. Resources amount for 99.2041% of the executable. |
Malicious | VirusTotal score: 36/67 (Scanned on 2023-03-25 11:25:53) | Per-engine results listed below. |

VirusTotal engine | Detection |
---|---|
AVG | FileRepMalware |
AhnLab-V3 | Trojan/Win.Generic.C4968360 |
Antiy-AVL | HackTool[Hoax]/Win32.CheatEngine.a |
Avast | FileRepMalware |
CrowdStrike | win/grayware_confidence_90% (W) |
Cylance | unsafe |
Cynet | Malicious (score: 100) |
Cyren | W32/ABRisk.UKZE-5406 |
ESET-NOD32 | a variant of Win32/HackTool.CheatEngine.AF potentially unsafe |
Elastic | malicious (high confidence) |
FireEye | Generic.mg.dfd4a16a38802b6e |
Fortinet | Riskware/CheatEngine |
GData | Win32.Riskware.Hacktool.D |
Google | Detected |
Ikarus | PUA.HackTool.Cheatengine |
K7AntiVirus | Unwanted-Program ( 004ba1a41 ) |
K7GW | Unwanted-Program ( 004ba1a41 ) |
Kaspersky | HEUR:Trojan-Dropper.Win32.Convagent.gen |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Lionic | Trojan.Win64.Cobalt.tpMn |
Malwarebytes | Virut.Virus.FileInfector.DDS |
McAfee | PUP-IIH |
McAfee-GW-Edition | BehavesLike.Win32.Generic.vc |
Microsoft | Program:Win32/Uwamson.A!ml |
Rising | Trojan.Generic@AI.100 (RDML:5MZuA4NfJfg7xT/cO74umA) |
Sangfor | Hacktool.Win32.Cheatengine.Vc64 |
SentinelOne | Static AI - Malicious PE |
Sophos | Mal/Generic-S (PUA) |
Symantec | ML.Attribute.HighConfidence |
Trapmine | malicious.high.ml.score |
TrendMicro | TROJ_GEN.F0CBC0UCK23 |
TrendMicro-HouseCall | TROJ_GEN.F0CBC0UCK23 |
Webroot | W32.Hacktool.Gen |
Xcitium | Malware@#1ffdzhoj5oofp |
Yandex | HackTool.CheatEngine!h2lP7QG9eRI |
Zillya | Tool.CheatEngine.Win32.19608 |
DOS Header | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
PE Header | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2013-Jun-28 14:45:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Optional Header | Value |
---|---|
Magic | PE32 |
LinkerVersion | 9.0 |
SizeOfCode | 0x8e00 |
SizeOfInitializedData | 0x68f400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000015EB (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xa000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x69d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x11163 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
SHLWAPI.dll | PathAddBackslashA, PathStripPathA, PathRemoveFileSpecA |
KERNEL32.dll | GetModuleFileNameA, FindResourceA, GetModuleHandleA, SizeofResource, LoadResource, GetTempPathA, CreateDirectoryA, DeleteFileA, CreateFileA, WriteFile, CloseHandle, CreateProcessA, WaitForSingleObject, RemoveDirectoryA, FlushFileBuffers, GetTempFileNameA, GetCurrentThreadId, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, EnterCriticalSection, LeaveCriticalSection, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryA, InitializeCriticalSectionAndSpinCount, HeapAlloc, VirtualAlloc, HeapReAlloc, RtlUnwind, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize |
USER32.dll | MessageBoxA |
ADVAPI32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorA |
Load Configuration | Value |
---|---|
Size | 0x48 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x40db60 |
SEHandlerTable | 0x40b550 |
SEHandlerCount | 3 |
Rich Header | Count / Value |
---|---|
XOR Key | 0xd73b8ed3 |
Unmarked objects | 0 |
C++ objects (VS2008 build 21022) | 31 |
ASM objects (VS2008 build 21022) | 16 |
C objects (VS2008 build 21022) | 96 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 9 |
Total imports | 99 |
138 (VS2008 build 21022) | 2 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 build 21022) | 1 |