CheatEngine75.exe
First submission 2024-09-03 00:20:02
Last submission 2024-09-03 00:30:02
File details
Field | Value |
---|---|
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type | application/x-dosexec |
File size | 3150.53 KB (3226144 bytes) |
Compile time | 2020-11-15 10:48:30 |
MD5 | 609fea742d34dc1d53f0eeb4873b1a0a |
SHA1 | 3232c52da3cb8f47a870162a35cdd75fcae60aea |
SHA256 | e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e |
Import Hash | 5a594319a0d69dbc452e748bcf05892e |
Sections (10) | .text .itext .data .bss .idata .didata .edata .tls .rdata .rsrc |
Directories (5) | import export resource tls security |
File features detected
Anti VM
XOR
OSINT Enrichments
Field | Value |
---|---|
Virus Total | 37/79 (VT report date: 2024-09-03 00:18:19) |
Malware Type (3) | adware trojan downloader |
Threat Type (2) | offercore bundler |
URLs, FQDN and IP indicators: 2
PE Sections: 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0xb361c | 735232 | 595ad8ee618b5410e614c2425157fa1a449ec611 | ad6e46e3a3acdb533eb6a077f6d065af | |
.itext | 0xb5000 | 0x1688 | 6144 | 83d77b6dc9d041cc5db064da4cae1e287a80b9e6 | d40fc822339d01f2abcc5493ac101c94 | |
.data | 0xb7000 | 0x37a4 | 14336 | 38d782fd98f596f5bf4963b930f946cf7fc96162 | 4c195d5591f6d61265df08a3733de3a2 | |
.bss | 0xbb000 | 0x6de8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.idata | 0xc2000 | 0xf36 | 4096 | 42030ea2f06f38d5495913b418e993992e512417 | a73d686f1e8b9bb06ec767721135e397 | |
.didata | 0xc3000 | 0x1a4 | 512 | 051c6d0acda9716869fbc453e27230d2b36d9e8f | 41b8ce23dd243d14beebc71771885c89 | |
.edata | 0xc4000 | 0x9a | 512 | 8aab4ebcf9c4a3faf3fc872d96709460d6bf6378 | 37c1a5c63717831863e018c0f51dabb7 | |
.tls | 0xc5000 | 0x18 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rdata | 0xc6000 | 0x5d | 512 | 735078338d2c5f1b3f162ce296611076a9ddcf02 | 8f2f090acd9622c88a6a852e72f94e96 | |
.rsrc | 0xc7000 | 0x4800 | 18432 | 80f4607fd5b746b68dd46b627c42484c7705361e | 1d7abcba64850925541eff3ccead3f16 | |
PE Resources 6
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_DUTCH | SUBLANG_DUTCH | 0xc7e40 | 2216 | |
RT_STRING | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0xca3ac | 676 | |
RT_RCDATA | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0xca924 | 44 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xca950 | 62 | |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xca990 | 1412 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xcaf14 | 1830 | |
Meta infos 9
Field | Value |
---|---|
LegalCopyright | \xa9 EngineGame |
OriginalFileName | |
FileVersion | 7.5.0 |
CompanyName | |
ProductVersion | 7.5.0 |
FileDescription | EngineGame Installer |
Translation | 0x0000 0x04b0 |
Comments | This installation was built with Inno Setup. |
ProductName | EngineGame |
Packers detected 2
Borland Delphi 3.0 (???)
Borland Delphi 4.0
Anti debug functions 3
GetLastError
RaiseException
UnhandledExceptionFilter
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
e2b0532fc9915122a9be125b34ac3510 | 8aeb1314a2e2a3d7c8de96053428d694e1773da0 | 5496 | 3220648 |
Strings analysis - File found
Library
botva2.dll
USERENV.dll
ntmarta.dll
comres.dll
propsys.dll
KERNEL32.dll
OLEAUT32.dll
cryptbase.dll
UxTheme.dll
OLEACC.dll
profapi.dll
VERSION.dll
dwmapi.dll
apphelp.dll
ntdll.dll
clbcatq.dll
SHELL32.dll
SETUPAPI.dll
NETAPI32.dll
USER32.dll
COMCTL32.dll
ADVAPI32.dll
GDI32.dll
Strings analysis - Possible IPs found 1
0.9.7.151
Strings analysis - Possible URLs found 10
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://ocsp.comodoca.com0
https://sectigo.com/CPS0
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.sectigo.com0
http://schemas.microsoft.com/SMI/2005/WindowsSettings
https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Import functions
PE Exports 3 suspicious
Function | Address |
---|---|
TMethodImplementationIntercept | 0x454060 |
__dbk_fcall_wrapper | 0x40d0a0 |
dbkFCallWrapperAddr | 0x4be63c |
Name | Latest seen | MD5 |
---|---|---|
FamilyTreeMadeSimpleSetup.exe | 2022-08-26 07:53:05 | 15d662c8c08546225a2cc7aa985e6b99 |
AdblockInstaller.exe | 2022-11-11 10:57:12 | 19b20fc498d366730c470bacab083fe7 |
install1.exe | 2022-11-21 21:21:05 | e3c9d895497ffded48073eee0295bea4 |
iron.exe | 2023-03-24 14:14:21 | f726e687e1118e70c4aad980fd750c71 |
SrbijaSetupHokej.exe | 2024-05-23 18:53:02 | 528b9a26fd19839aeba788171c568311 |
GTA_V.exe | 2024-05-31 17:32:03 | adf5adfae118dabb87818f625502d0d8 |