dfd4a16a38802b6e92c874c7246e67ce

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Jun-28 14:45:44
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Miscellaneous malware strings:
  • virus
Info Cryptographic algorithms detected in the binary: Uses known Mersenne Twister constants
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Malicious The PE is possibly a dropper. Resource ARCHIVE is possibly compressed or encrypted.
Resource DECOMPRESSOR detected as a PE Executable.
Resources account for 99.2041% of the executable.
Malicious VirusTotal score: 36/67 (Scanned on 2023-03-25 11:25:53)
AVG: FileRepMalware
AhnLab-V3: Trojan/Win.Generic.C4968360
Antiy-AVL: HackTool[Hoax]/Win32.CheatEngine.a
Avast: FileRepMalware
CrowdStrike: win/grayware_confidence_90% (W)
Cylance: unsafe
Cynet: Malicious (score: 100)
Cyren: W32/ABRisk.UKZE-5406
ESET-NOD32: a variant of Win32/HackTool.CheatEngine.AF potentially unsafe
Elastic: malicious (high confidence)
FireEye: Generic.mg.dfd4a16a38802b6e
Fortinet: Riskware/CheatEngine
GData: Win32.Riskware.Hacktool.D
Google: Detected
Ikarus: PUA.HackTool.Cheatengine
K7AntiVirus: Unwanted-Program ( 004ba1a41 )
K7GW: Unwanted-Program ( 004ba1a41 )
Kaspersky: HEUR:Trojan-Dropper.Win32.Convagent.gen
Kingsoft: Win32.Troj.Undef.(kcloud)
Lionic: Trojan.Win64.Cobalt.tpMn
Malwarebytes: Virut.Virus.FileInfector.DDS
McAfee: PUP-IIH
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Microsoft: Program:Win32/Uwamson.A!ml
Rising: Trojan.Generic@AI.100 (RDML:5MZuA4NfJfg7xT/cO74umA)
Sangfor: Hacktool.Win32.Cheatengine.Vc64
SentinelOne: Static AI - Malicious PE
Sophos: Mal/Generic-S (PUA)
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.high.ml.score
TrendMicro: TROJ_GEN.F0CBC0UCK23
TrendMicro-HouseCall: TROJ_GEN.F0CBC0UCK23
Webroot: W32.Hacktool.Gen
Xcitium: Malware@#1ffdzhoj5oofp
Yandex: HackTool.CheatEngine!h2lP7QG9eRI
Zillya: Tool.CheatEngine.Win32.19608

Hashes

MD5 dfd4a16a38802b6e92c874c7246e67ce
SHA1 a0a779eeab5db4fcb4ee77f41a7fcf7a4b516a60
SHA256 59679cd77ce29b0ea0a83e8c1dbae8baec21949060b6c78b4bb83fc37479ef1d
SHA3 3c2bf58ff438d93f07b596846e0a57d69bbb8a9ed8ce97cdb586867a150915cf
SSDeep 196608:5puheFNKdOWhctc3bbyruC22667C32kn/WkB:5puYFNohcW3bOaC2266eP/HB
Imports Hash 8d92fa1956a6a631c642190121740197

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2013-Jun-28 14:45:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x8e00
SizeOfInitializedData 0x68f400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000015EB (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xa000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x69d000
SizeOfHeaders 0x400
Checksum 0x11163
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 40b6c3ad804db9bc09242ade61fb6ea3
SHA1 19c269f7859f50a7ec90df4637ebd448d9256893
SHA256 bfc577c4b1e79be13461642e8f12bae2d8a8b172ec4ddc285e46c6eee2e8d14b
SHA3 b4d3ea20bb6bba895183f6ae88b849f90e8913fff3e30c0292295c72565f1e00
VirtualSize 0x8d54
VirtualAddress 0x1000
SizeOfRawData 0x8e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.56215

.rdata

MD5 33d023d2d6213e1f615883e5e3160e76
SHA1 42495099f48591f1a8efbba21c576c97f0f82aff
SHA256 36c989b74abd069ce8b310806e897d309f7040e4c58dd32d8af1b73d9ba87b2c
SHA3 38b506b37ac219d3dca849823a8de2ccd3bbaa02d179778dd6ea54937cdb8b3d
VirtualSize 0x2114
VirtualAddress 0xa000
SizeOfRawData 0x2200
PointerToRawData 0x9200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.44357

.data

MD5 3254d8738887635ac7c58c51f4e91adf
SHA1 358ba73f2f73183dc0bb1e36bcd5531cb4afb52a
SHA256 b7c82c609946c4510f84c3fc78fdb5005cb52d289aebb5cccf25d72ec0c243d9
SHA3 8a9f4a20d88b19dbc56d5a8d10c90d519831cd4e636c1c777f1d5581d44abb40
VirtualSize 0x2adc
VirtualAddress 0xd000
SizeOfRawData 0x1000
PointerToRawData 0xb400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.1026

.rsrc

MD5 894f61cab2fc0d497bfd7f2b2dd149d6
SHA1 88b1a44d0e51b9a9787808108d6fd0b26c1a1ccb
SHA256 25d6a221419f17b689b2b9eb85c91a2582ec29adae638df0cabcca985baec837
SHA3 e5e4ddee6ba54cf787c05e0ab96eb21a4d36e3c213f69326409ce6b30c73f956
VirtualSize 0x68b090
VirtualAddress 0x10000
SizeOfRawData 0x68b200
PointerToRawData 0xc400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.95548

.reloc

MD5 65aac020a14aa9271485b36b38ac2718
SHA1 5623197bb662e9e89cfc1745ab5e5ee18b7cf2df
SHA256 1d3b7708419789a013f22609c85194943b07e823ee6a865a3f9f9ce43fe30597
SHA3 66c06a8e28937246e4054bbd03026b02fb5e70aa366a87d29dec4855bd7a27b7
VirtualSize 0xeea
VirtualAddress 0x69c000
SizeOfRawData 0x1000
PointerToRawData 0x697600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.32883

Imports

SHLWAPI.dll PathAddBackslashA
PathStripPathA
PathRemoveFileSpecA
KERNEL32.dll GetModuleFileNameA
FindResourceA
GetModuleHandleA
SizeofResource
LoadResource
GetTempPathA
CreateDirectoryA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
RemoveDirectoryA
FlushFileBuffers
GetTempFileNameA
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
USER32.dll MessageBoxA
ADVAPI32.dll ConvertStringSecurityDescriptorToSecurityDescriptorA

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x348e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48403
MD5 a18dffee6a436892558022576be4d14a
SHA1 b10e593f34af21b72db57e9472167bbfc90768aa
SHA256 d70334dcf864e7173455e54e1e235f45fcc5c4a4ee5d2dab6ba59e4300bf9bfc
SHA3 6110f37ce46b39695f213e64157f8b158e76bd2df9aa02ce1440b3a601cf6c95

ARCHIVE

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x625e9a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99372
MD5 1a2205adf01f243f41c1e5a0dac6bcfa
SHA1 93fc2c8c254e8b6b38372d6ceb5d5fe68648cef2
SHA256 986d6f8eed035821494248163f9f7a1ae680544c179ebdc532aee11179580985
SHA3 4bffc8871d6abf942bd88950b3b5da4f2769d0ec5de37ba83d775f58bf6f5bbb

DECOMPRESSOR

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2f600
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.11488
Detected Filetype PE Executable
MD5 a65c29111a4cf5a7fdd5a9d79f77bcab
SHA1 c0c59b1f792c975558c33a3b7cf0d94adc636660
SHA256 dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af
SHA3 e4e1436cfab72b94daf67a44913cfa7f114e226acae1792f1f262cf82e87e372

101

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x1016
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0.0621945
Detected Filetype Icon file
MD5 94265e286ef417e47d82c323add69d14
SHA1 3d2fcd9b902fcc2b0a8b0b4765f8a02d810910fa
SHA256 bec71e027a43bc9ac79cb2ebef12a864a063c11891041283cb1563a26cd3be7f
SHA3 5e0be4e3561a084f2c4e3604bf3c243379bb830968ee8e5a20a8b289cb35d260

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x165
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.77792
MD5 b9b507d6297b2d514477db4ae0d55ea6
SHA1 e8c4b4e815c1788b3bab96fc44560d7282282fe1
SHA256 ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0
SHA3 85e8c59b71094f3ffe0990fe28a56df78d58756dc3a423284dff50f92ed7fa6f

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40db60
SEHandlerTable 0x40b550
SEHandlerCount 3

RICH Header

XOR Key 0xd73b8ed3
Unmarked objects 0
C++ objects (VS2008 build 21022) 31
ASM objects (VS2008 build 21022) 16
C objects (VS2008 build 21022) 96
Imports (VS2012 build 50727 / VS2005 build 50727) 9
Total imports 99
138 (VS2008 build 21022) 2
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors
