7f790f63573759d70880b5ef49397d3f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2009-Jan-12 11:44:17
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
MSVC++ v.8 (procedure 1 recognized - h)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains another PE executable:
  • This program cannot be run in DOS mode.
Contains domain names:
  • hacks.de
  • mp-hacks.de
  • www.mp-hacks.de
Suspicious The PE is possibly packed. Unusual section name found: .modu
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • CreateToolhelp32Snapshot
Code injection capabilities:
  • WriteProcessMemory
  • CreateRemoteThread
  • VirtualAllocEx
  • OpenProcess
  • VirtualAlloc
Memory manipulation functions often used by packers:
  • VirtualProtectEx
  • VirtualAllocEx
  • VirtualAlloc
Manipulates other processes:
  • Process32Next
  • WriteProcessMemory
  • Process32First
  • OpenProcess
Malicious VirusTotal score: 35/71 (Scanned on 2020-06-27 07:56:16)
FireEye: Generic.mg.7f790f63573759d7
Cylance: Unsafe
Zillya: Adware.BrowseFox.Win32.139956
SUPERAntiSpyware: Trojan.Agent/Gen-PWS
Sangfor: Malware
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: HackTool:Win32/Mmorpg.f200a48a
K7GW: Unwanted-Program ( 004ba41e1 )
K7AntiVirus: Unwanted-Program ( 004ba41e1 )
Invincea: heuristic
F-Prot: W32/Heuristic-KPP!Eldorado
Symantec: Trojan.Gen.2
APEX: Malicious
AegisLab: Riskware.Win32.Game.1!c
Sophos: Cheathappens (PUA)
Comodo: Malware@#3uirww886ef3s
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: HKTL_GAMEHACK
Trapmine: malicious.high.ml.score
SentinelOne: DFI - Malicious PE
Jiangmin: Trojan.Generic.foya
Fortinet: Riskware/GameHack
Endgame: malicious (high confidence)
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Gampass.C1115832
McAfee: RDN/PWS-Mmorpg.gen
MAX: malware (ai score=100)
VBA32: Trojan.Agent.12115
Malwarebytes: HackTool.Agent.AIM
ESET-NOD32: a variant of Win32/GameHack.BB potentially unsafe
TrendMicro-HouseCall: HKTL_GAMEHACK
Rising: Malware.Heuristic!ET#99% (CLOUD)
Yandex: Riskware.GameHack!TJ5BfqSNE7o
GData: Win32.Application.Agent.7VTR6Q
BitDefenderTheta: Gen:NN.ZexaF.34130.ruW@ayfHkmni
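
The findings above come from simple static heuristics: a fixed set of imported API names, a section name outside the usual MSVC set, and a second "This program cannot be run in DOS mode." string somewhere in the file. The Python below is an added example, not Manalyze's code and not taken from the analysed sample; it reproduces those checks by walking the DOS, COFF, optional and section headers with struct, mapping the entry-point RVA to its section and file offset (the report's "0x00005CA4 (Section: .text)"), computing per-section entropy, flagging unusual section names, scanning section bodies for an embedded DOS stub, and grouping import names into the same capability buckets. It runs on a constructed five-section PE32 that only borrows the sample's section names, and the import list is a subset of the KERNEL32.dll names printed in the Imports section. One caveat on the "possibly packed" verdict: it rests on the section name alone, while the .modu entropy reported below (6.3) is under the 7+ range typical of compressed or encrypted data, so together with the embedded DOS-stub string the section reads more like a second PE carried as plain data than like packer output.

```python
import math
import struct
from collections import Counter

# Section names a stock MSVC link emits; anything else trips the "unusual section name" heuristic.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata", ".tls", ".bss", ".CRT", ".pdata"}
# Import buckets the report groups its findings by.
INJECTION_APIS = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32First", "Process32Next", "Module32First", "Module32Next"}
DYNAMIC_RESOLVE_APIS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}
DOS_STUB_MSG = b"This program cannot be run in DOS mode."
# Subset of the KERNEL32.dll names in this report's Imports section.
SAMPLE_IMPORTS = ["GetFileSize", "LoadLibraryA", "CloseHandle", "VirtualFreeEx", "Process32Next", "ReadFile",
                  "GetProcAddress", "WriteProcessMemory", "CreateRemoteThread", "CreateToolhelp32Snapshot",
                  "Process32First", "VirtualProtectEx", "VirtualAllocEx", "OpenProcess", "Module32First", "Module32Next"]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, section dicts) by walking DOS -> COFF -> optional -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24                                       # signature (4) + COFF header (20)
    entry, = struct.unpack_from("<I", pe, opt + 16)          # AddressOfEntryPoint, same offset in PE32/PE32+
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                          # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<4I", pe, off + 8)
        sections.append({"name": name, "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "data": pe[rawptr:rawptr + rawsize]})
    return entry, sections

def locate_rva(sections, rva):
    """Map an RVA to (section name, file offset). Raw and virtual offsets diverge once
    alignments differ, which is why .rsrc in this report sits at VA 0x1e000 but raw 0x1c000."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"], s["rawptr"] + (rva - s["va"])
    return None, None

def triage(pe: bytes, imports):
    entry, sections = parse_pe(pe)
    entry_section, entry_offset = locate_rva(sections, entry)
    names = set(imports)
    return {
        "entry_section": entry_section,
        "entry_offset": entry_offset,
        "unusual_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "entropy": {s["name"]: round(shannon_entropy(s["data"]), 2) for s in sections},
        # A DOS stub string inside a section body means a second PE is carried as data.
        "embedded_pe_in": [s["name"] for s in sections if DOS_STUB_MSG in s["data"]],
        "injection": sorted(INJECTION_APIS & names),
        "process_enum": sorted(ENUM_APIS & names),
        "dynamic_resolution": sorted(DYNAMIC_RESOLVE_APIS & names),
    }

def build_sample_pe() -> bytes:
    """Constructed PE32 stand-in: the sample's five section names, FileAlignment 0x200, SectionAlignment 0x1000."""
    names = [".text", ".rdata", ".data", ".rsrc", ".modu"]
    bodies = [bytes(range(256)) * 2,                                   # every byte value twice: entropy 8.0
              b"KERNEL32.dll\0" * 30,
              b"\0" * 0x200,                                           # all zeros: entropy 0.0
              b"RT_MANIFEST\0" * 20,
              b"MZ" + b"\0" * 0x3A + DOS_STUB_MSG + bytes(range(256))]  # embedded DOS stub, as flagged above
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                             # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1020)                             # AddressOfEntryPoint inside .text
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)          # ImageBase, SectionAlignment, FileAlignment
    table, body, va, rawptr = b"", b"", 0x1000, 0x200
    for name, data in zip(names, bodies):
        data += b"\0" * (-len(data) % 0x200)
        chars = 0x60000020 if name == ".text" else 0xC0000040           # CODE|EXEC|READ or IDATA|READ|WRITE
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, len(data), rawptr, 0, 0, 0, 0, chars)
        body, va, rawptr = body + data, va + ((len(data) + 0xFFF) & ~0xFFF), rawptr + len(data)
    return bytes(dos) + coff + bytes(opt) + table + body                 # headers are exactly 0x200 bytes

if __name__ == "__main__":
    for key, value in triage(build_sample_pe(), SAMPLE_IMPORTS).items():
        print(f"{key:20} {value}")
```

Running the module prints the triage dictionary for the constructed stand-in; for a real file pass `open(path, "rb").read()` and the import names taken from pefile or from a report like this one. The import buckets are capability hints, not verdicts: the same four injection APIs appear in debuggers, game overlays and EDR agents, which is why the VirusTotal column above splits between "HackTool", "Riskware" and "Trojan".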

Hashes

MD5 7f790f63573759d70880b5ef49397d3f
SHA1 b20a5ec9943779b7834bbb4be834f0d0c1daf8d0
SHA256 7004127f9fddc7bc6f2ed76a579e2d2e4a6e190451f3a6c7d7433957b8c64286
SHA3 966a19f8e71499fec91ba44f18f6859c84260062f8a25614b249758d1d86261f
SSDeep 3072:DfVnFLFAMjGr4RjtWNcjm/gGvQyINWsHbGTh1iQHX1FVZMdPt/qg3Idht:XBAdoA+jmfcGSQtZ05qX7
Imports Hash a6e6f9cdd81c0d4c0d6ee4f96278eb59

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2009-Jan-12 11:44:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x14000
SizeOfInitializedData 0x8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005CA4 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x15000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x49000
SizeOfHeaders 0x1000
Checksum 0x24665
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3ef564074d2d4912b38191f0d6476acc
SHA1 b1bbe174201acd7d2481b679df5bc50140404686
SHA256 dc2c7135f98698d5e9f428ffa22effe49fd44f043389b804598ac7ce5e7f9dc0
SHA3 1ac54530be7d589d24f542dfccc9209927565421c810f3fac0446d730319383c
VirtualSize 0x14000
VirtualAddress 0x1000
SizeOfRawData 0x14000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.52621

.rdata

MD5 fec1429dd199529938b8c5bb5ee55df6
SHA1 caa7e3aec567d872aa1e6abe16524ca1efc93b59
SHA256 3993cebc10d216524d9411e5889e2060ba403eb0d34480222d123348a3c4b644
SHA3 9c91372bf8fd788525ccb4d19bb4fce136b77a65ef038590d3b24bdac3299cfc
VirtualSize 0x5000
VirtualAddress 0x15000
SizeOfRawData 0x5000
PointerToRawData 0x15000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.65159

.data

MD5 6f1534964d3b620d5e9cf63951856797
SHA1 fbe771c164fac5d18a599b3e80d9496f93c3ba0e
SHA256 db78c5ad0de491bbab57ca263f7d9fd4b41a22685835d5dcd87c23526f4b500a
SHA3 144b815f848f6b5c5c6bf241328dbda3d441d7ba1ead0d558ab134315b108977
VirtualSize 0x4000
VirtualAddress 0x1a000
SizeOfRawData 0x2000
PointerToRawData 0x1a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.13837

.rsrc

MD5 f18fdd6190f843e769fb92c0557a86cc
SHA1 4e97d0ddb294a92ae0fe4e31737a0732030d0bd6
SHA256 54cd0d5d561c21d86c12317ebc26388f941733fd7ea1191bc119e193da4109f0
SHA3 81974742462aff2f8ec598f70b24a12bd66e6c38ccc0de2ddb9aac1c2ce8583b
VirtualSize 0x1000
VirtualAddress 0x1e000
SizeOfRawData 0x1000
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.05647

.modu

MD5 db673c492f4accd33ff39594148f2f67
SHA1 ab38ca30f6c8493d1152fd70eefda7528510fc3d
SHA256 05b3d9235212e906c7258baa8c77812cd25ec2f011be00ddf0e84b73c9504d4d
SHA3 878b3ece83aba0f6422395ea564a109af0e2ddc269165406ef9425335bdd4866
VirtualSize 0x2a000
VirtualAddress 0x1f000
SizeOfRawData 0x2a000
PointerToRawData 0x1d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.30552

Imports

KERNEL32.dll GetFileSize
LoadLibraryA
CloseHandle
VirtualFreeEx
Process32Next
ReadFile
GetProcAddress
GetCompressedFileSizeA
WriteProcessMemory
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
GetFileAttributesA
VirtualProtectEx
VirtualAllocEx
WaitForSingleObject
OpenProcess
GetModuleFileNameA
Module32First
Module32Next
CreateFileA
GetModuleHandleA
GlobalFree
WriteFile
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
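
The Imports Hash in the Hashes section is the imphash as Mandiant defined it and pefile implements it: the MD5 of the lower-cased "library.function" tokens, joined with commas in import-table order, with a .dll/.ocx/.sys extension dropped from the library name. The Python below is an added example, not Manalyze's or pefile's code, that recomputes it from the KERNEL32.dll list exactly as printed above. If that list is the complete import table in on-disk order, the result equals the reported a6e6f9cdd81c0d4c0d6ee4f96278eb59; a mismatch would mean the report reordered or truncated the list. The ordinal-to-name table pefile consults for ws2_32, oleaut32 and wsock32 is left out as a simplification, which does not affect this sample because every import is by name.

```python
import hashlib

# The KERNEL32.dll import names exactly as listed in the Imports section of this report, in that order.
KERNEL32_IMPORTS = [
    "GetFileSize", "LoadLibraryA", "CloseHandle", "VirtualFreeEx", "Process32Next", "ReadFile",
    "GetProcAddress", "GetCompressedFileSizeA", "WriteProcessMemory", "CreateRemoteThread",
    "CreateToolhelp32Snapshot", "Process32First", "GetFileAttributesA", "VirtualProtectEx",
    "VirtualAllocEx", "WaitForSingleObject", "OpenProcess", "GetModuleFileNameA", "Module32First",
    "Module32Next", "CreateFileA", "GetModuleHandleA", "GlobalFree", "WriteFile", "GlobalAlloc",
    "InterlockedIncrement", "InterlockedDecrement", "Sleep", "InitializeCriticalSection",
    "DeleteCriticalSection", "EnterCriticalSection", "LeaveCriticalSection", "TerminateProcess",
    "GetCurrentProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "IsDebuggerPresent",
    "GetLastError", "HeapFree", "GetCommandLineA", "GetVersionExA", "HeapAlloc", "GetProcessHeap",
    "RtlUnwind", "RaiseException", "LCMapStringA", "WideCharToMultiByte", "MultiByteToWideChar",
    "LCMapStringW", "GetCPInfo", "TlsGetValue", "TlsAlloc", "TlsSetValue", "TlsFree", "SetLastError",
    "GetCurrentThreadId", "HeapDestroy", "HeapCreate", "VirtualFree", "VirtualAlloc", "HeapReAlloc",
    "ExitProcess", "GetStdHandle", "FreeEnvironmentStringsA", "GetEnvironmentStrings",
    "FreeEnvironmentStringsW", "GetEnvironmentStringsW", "SetHandleCount", "GetFileType",
    "GetStartupInfoA", "QueryPerformanceCounter", "GetTickCount", "GetCurrentProcessId",
    "GetSystemTimeAsFileTime", "GetACP", "GetOEMCP", "IsValidCodePage", "GetUserDefaultLCID",
    "GetLocaleInfoA", "EnumSystemLocalesA", "IsValidLocale", "GetStringTypeA", "GetStringTypeW",
    "HeapSize", "GetConsoleCP", "GetConsoleMode", "FlushFileBuffers", "SetFilePointer", "WriteConsoleA",
    "GetConsoleOutputCP", "WriteConsoleW", "SetStdHandle", "GetLocaleInfoW",
]

def normalize_entry(dll: str, func=None, ordinal=None) -> str:
    """One "library.function" token: library lower-cased with .dll/.ocx/.sys stripped, function lower-cased.
    Ordinal-only imports become "ord<N>"; the ws2_32/oleaut32/wsock32 ordinal-to-name table that pefile
    consults is omitted here (simplification), so for those three libraries this can differ from pefile."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if ext in ("dll", "ocx", "sys"):
        lib = base
    name = func.lower() if func else f"ord{ordinal}"
    return f"{lib}.{name}"

def imphash(imports) -> str:
    """MD5 over the comma-joined tokens in import-table order. Order is part of the hash, which is
    why imphash clusters builds of one code base or toolchain rather than matching capabilities."""
    tokens = [normalize_entry(*entry) for entry in imports]
    return hashlib.md5(",".join(tokens).encode("ascii")).hexdigest()

def report_imphash() -> str:
    """Imphash of the import table as printed in this report (a single KERNEL32.dll descriptor)."""
    return imphash(("KERNEL32.dll", name) for name in KERNEL32_IMPORTS)

if __name__ == "__main__":
    print(report_imphash())   # compare with the Imports Hash line in the Hashes section
```

Two properties matter when using the value for pivoting: case and extension are normalised away, so "KERNEL32.dll" and "kernel32.DLL" hash identically, but the same set of functions in a different link order does not, so a recompiled sample with a reshuffled import table will not share this imphash even though its capabilities are unchanged.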

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x56
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65542
MD5 bd62b6f553a2d1d012cc53fc325221d2
SHA1 c5353cec27b30fb35e414dd5f3d0e9205aaf1c07
SHA256 388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6
SHA3 b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x41a5a8
SEHandlerTable 0x417ca0
SEHandlerCount 39

RICH Header

Errors