CheatEngine75.exe

First submission: 2024-09-03 00:20:02    Last submission: 2024-09-03 00:30:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 3150.53 KB (3226144 bytes)
Compile time: 2020-11-15 10:48:30
MD5: 609fea742d34dc1d53f0eeb4873b1a0a
SHA1: 3232c52da3cb8f47a870162a35cdd75fcae60aea
SHA256: e2e15826b69778e381f25ac8f2b109a377b23f7cf79b5f482e81f4d28c30f95e
Import Hash: 5a594319a0d69dbc452e748bcf05892e
Sections 10 .text .itext .data .bss .idata .didata .edata .tls .rdata .rsrc
Directories 5 import export resource tls security

File features detected

Is DLL (contradicted by the file type line above, which identifies a GUI executable, and by the Inno Setup installer metadata below; treat this flag with caution)
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 37/79 VT report date: 2024-09-03 00:18:19
Malware Type 3: adware, trojan, downloader
Threat Type 2: offercore, bundler

URLs, FQDN and IP indicators 2

URL                                               Host (FQDN/IP)        Date Added
hXXps://downloadsparrow.com/cl/CheatEngine75.exe  downloadsparrow.com   2024-09-03 00:30:03
hXXp://downloadsparrow.com/cl/CheatEngine75.exe   downloadsparrow.com   2024-09-03 00:20:02

PE Sections 2 suspicious

Name     VAddress  VSize    Size    SHA1                                      MD5
.text    0x1000    0xb361c  735232  595ad8ee618b5410e614c2425157fa1a449ec611  ad6e46e3a3acdb533eb6a077f6d065af
.itext   0xb5000   0x1688   6144    83d77b6dc9d041cc5db064da4cae1e287a80b9e6  d40fc822339d01f2abcc5493ac101c94
.data    0xb7000   0x37a4   14336   38d782fd98f596f5bf4963b930f946cf7fc96162  4c195d5591f6d61265df08a3733de3a2
.bss     0xbb000   0x6de8   0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.idata   0xc2000   0xf36    4096    42030ea2f06f38d5495913b418e993992e512417  a73d686f1e8b9bb06ec767721135e397
.didata  0xc3000   0x1a4    512     051c6d0acda9716869fbc453e27230d2b36d9e8f  41b8ce23dd243d14beebc71771885c89
.edata   0xc4000   0x9a     512     8aab4ebcf9c4a3faf3fc872d96709460d6bf6378  37c1a5c63717831863e018c0f51dabb7
.tls     0xc5000   0x18     0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rdata   0xc6000   0x5d     512     735078338d2c5f1b3f162ce296611076a9ddcf02  8f2f090acd9622c88a6a852e72f94e96
.rsrc    0xc7000   0x4800   18432   80f4607fd5b746b68dd46b627c42484c7705361e  1d7abcba64850925541eff3ccead3f16

The table does not mark which two sections were flagged. The two with a raw size of 0 (.bss and .tls) carry the hashes of empty input (da39a3ee... / d41d8cd9...), i.e. they have virtual size but no on-disk data, which is the normal layout for uninitialised-data and TLS sections in a Delphi-built binary rather than a sign of packing.

PE Resources 6

Name           Language      Sublanguage          Offset    Size
RT_ICON        LANG_DUTCH    SUBLANG_DUTCH        0xc7e40   2216
RT_STRING      LANG_NEUTRAL  SUBLANG_NEUTRAL      0xca3ac   676
RT_RCDATA      LANG_NEUTRAL  SUBLANG_NEUTRAL      0xca924   44
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US   0xca950   62
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US   0xca990   1412
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US   0xcaf14   1830

Meta infos 9

LegalCopyright: © EngineGame
OriginalFileName:
FileVersion: 7.5.0
CompanyName:
ProductVersion: 7.5.0
FileDescription: EngineGame Installer
Translation: 0x0000 0x04b0
Comments: This installation was built with Inno Setup.
ProductName: EngineGame

Packers detected 2

Borland Delphi 3.0 (???)
Borland Delphi 4.0

Both hits are compiler signatures, not packers: Inno Setup (named in the Comments field above) is written in Delphi, so a Delphi match on an Inno Setup stub is expected and carries no weight on its own.

Anti debug functions 3

GetLastError
RaiseException
UnhandledExceptionFilter

All three are ordinary error- and exception-handling imports found in practically every Windows executable (Delphi's RTL uses RaiseException for its own exceptions); a match on this list is a weak signal and is not evidence of debugger detection.

File signature

MD5                               SHA1                                      Block size  Virtual Address
e2b0532fc9915122a9be125b34ac3510  8aeb1314a2e2a3d7c8de96053428d694e1773da0  5496        3220648

The "Virtual Address" of the security directory is a raw file offset, not an RVA (the Authenticode blob is not mapped when the image is loaded). 3220648 + 5496 = 3226144, the file size given above, so the signature block is the last 5496 bytes of the file and nothing has been appended after it.
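The check done by hand above (signature block offset + size == file size) is worth automating, because data appended after a signed installer is a common way bundlers attach payloads. The following is an added example, not code from the page or from the tool that produced this report: it reads the security data directory from a PE32/PE32+ header, hashes the WIN_CERTIFICATE blob the way the table above does, and flags a blob that does not end at EOF. The sample PE it runs on is constructed in `build_sample_pe` (headers only, no sections) purely so the code runs offline; the DER bytes it signs with are a placeholder, not a real certificate.

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # index of the Authenticode entry in the data directories
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(pe: bytes):
    """Return (file_offset, size) of the WIN_CERTIFICATE blob, or None if unsigned.

    The security directory is the one data directory whose 'VirtualAddress'
    field is a raw file offset rather than an RVA.
    """
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                       # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                            # PE32: 96 fixed bytes before the data directories
        dd_base = opt + 96
    elif magic == 0x20B:                          # PE32+: 112 fixed bytes
        dd_base = opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    off, size = struct.unpack_from("<II", pe, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if size else None


def check_signature_block(pe: bytes) -> dict:
    """Structural checks on the signature blob plus the hashes a triage report lists."""
    sec = security_directory(pe)
    if sec is None:
        return {"signed": False}
    off, size = sec
    blob = pe[off:off + size]
    dw_length, revision, cert_type = struct.unpack_from("<IHH", blob)
    return {
        "signed": True,
        "offset": off,
        "size": size,
        "ends_at_eof": off + size == len(pe),        # False: bytes were appended after signing
        "length_consistent": dw_length == size,      # single-certificate blob: header length == directory size
        "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and revision == 0x0200,
        "md5": hashlib.md5(blob).hexdigest(),
        "sha1": hashlib.sha1(blob).hexdigest(),
    }


def build_sample_pe(cert_blob=None) -> bytes:
    """Constructed stand-in (not a real binary): a PE32 header with no sections,
    512 bytes of filler, and optionally a WIN_CERTIFICATE appended at the end,
    which is where a signer places it."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)   # i386, 224-byte PE32 optional header
    opt_fixed = struct.pack("<H", 0x10B) + b"\0" * 94               # PE32 magic + remaining fixed fields
    dirs = bytearray(16 * 8)                                         # 16 data directories, all empty
    body = b"\0" * 512                                               # stands in for section data
    blob_off = e_lfanew + 4 + 20 + 224 + len(body)
    wincert = b""
    if cert_blob is not None:
        wincert = struct.pack("<IHH", 0, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        wincert += b"\0" * (-len(wincert) % 8)                       # blob is 8-byte aligned
        wincert = struct.pack("<I", len(wincert)) + wincert[4:]      # dwLength covers header + padding
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, blob_off, len(wincert))
    return dos + b"PE\0\0" + coff + opt_fixed + bytes(dirs) + body + wincert


if __name__ == "__main__":
    signed = build_sample_pe(b"\x30\x82" + b"\xAA" * 100)      # placeholder DER, constructed
    print(check_signature_block(signed))
    print(check_signature_block(signed + b"\0" * 16)["ends_at_eof"])   # appended data: False
```

Run against a real file, `security_directory(open(path, "rb").read())` should reproduce the offset and block size in the table, and `ends_at_eof` should be True as it is for this sample. The function deliberately does not verify the PKCS#7 content; that is a job for signtool or osslsigncode, and a well-formed blob at EOF says nothing about whether the signer is trustworthy.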

Strings analysis - File found

Library
botva2.dll
USERENV.dll
ntmarta.dll
comres.dll
propsys.dll
KERNEL32.dll
OLEAUT32.dll
cryptbase.dll
UxTheme.dll
OLEACC.dll
profapi.dll
VERSION.dll
dwmapi.dll
apphelp.dll
ntdll.dll
clbcatq.dll
SHELL32.dll
SETUPAPI.dll
NETAPI32.dll
USER32.dll
COMCTL32.dll
ADVAPI32.dll
GDI32.dll

Strings analysis - Possible IPs found 1

0.9.7.151

This is almost certainly not a network indicator: a first octet of 0 places it in 0.0.0.0/8, which is never a routable destination, and four dot-separated numbers of this shape are typical of version or build strings.

Strings analysis - Possible URLs found 10

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://ocsp.comodoca.com0
https://sectigo.com/CPS0
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.sectigo.com0
http://schemas.microsoft.com/SMI/2005/WindowsSettings
https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

The first seven are CRL, OCSP, AIA and CPS URLs from the Sectigo/Comodo code-signing certificate chain in the signature block, not network indicators of the installer itself; the trailing "0", "0#", "0y" and "04" are the next DER tag and length bytes (0x30 is SEQUENCE) that a printable-string scan swallows. The schemas.microsoft.com URL comes from the application manifest and the jrsoftware.org URL from the Inno Setup command-line help text.
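The trailing DER bytes on the URLs above and the 0.9.7.151 "IP" are both artefacts of scanning the file as printable text. The added example below (mine, not the page's or the tool's code) shows the difference between a plain regex scan and reading the URI GeneralName ([6], tag byte 0x86) with its encoded length, and classifies dotted-quad candidates so that 0.0.0.0/8, leading-zero octets and documentation ranges are not reported as indicators. SAMPLE_BLOB is constructed inline to mimic a DER fragment followed by version strings; the URL values reuse two of the page's own strings, the addresses are placeholders.

```python
import ipaddress
import re

# Byte-level patterns of the kind a strings-based extractor uses.
IPV4_RE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

URL1 = b"http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl"
URL2 = b"http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c"

# Constructed sample: two DER URI GeneralNames, each followed by the next TLV's
# tag/length bytes, then some version-like strings and placeholder addresses.
SAMPLE_BLOB = (
    b"\x86" + bytes([len(URL1)]) + URL1 + b"\x30\x82\x01\x0b"   # next: SEQUENCE, long-form length
    + b"\x86" + bytes([len(URL2)]) + URL2 + b"\x30\x23\x06\x08"  # next: SEQUENCE len 0x23, then OID
    + b"\x00version 0.9.7.151\x00"
    + b"\x00198.51.100.23\x00"            # TEST-NET-2 documentation range
    + b"\x001.2.3.4\x00"                  # placeholder routable address
    + b"\x00FileVersion 7.5.0\x00"        # three parts: never matches the IPv4 pattern
)


def naive_urls(data: bytes):
    """What a strings/regex pass reports: the URL plus the printable DER bytes after it."""
    return [m.group(0).decode("ascii") for m in URL_RE.finditer(data)]


def der_uris(data: bytes):
    """Extract uniformResourceIdentifier GeneralNames from DER by reading the
    encoded length, so no trailing tag/length bytes are included."""
    out, i = [], 0
    while True:
        i = data.find(b"\x86", i)
        if i == -1:
            return out
        j = i + 1
        if j < len(data):
            n = data[j]
            j += 1
            if n & 0x80:                           # long form: 0x81/0x82 then 1-2 length bytes
                k = n & 0x7F
                if 0 < k <= 2 and j + k <= len(data):
                    n = int.from_bytes(data[j:j + k], "big")
                    j += k
                else:
                    n = -1
            value = data[j:j + n] if n >= 0 else b""
            if len(value) == n and value.startswith(b"http"):   # 0x86 also occurs in arbitrary bytes
                out.append(value.decode("ascii", "replace"))
        i += 1


def classify_ipv4(text: str) -> str:
    """Say whether a dotted-quad string could be a network indicator, and if not, why."""
    octets = text.split(".")
    if any(len(o) > 1 and o[0] == "0" for o in octets):
        return "leading-zero octet: version/build string, not an address"
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return "octet out of range: not an address"
    if addr in ipaddress.IPv4Network("0.0.0.0/8"):
        return "0.0.0.0/8 ('this network'): never a destination, likely a version string"
    if not addr.is_global:
        return "non-routable (private, loopback, link-local, documentation or reserved)"
    return "routable"


def ip_candidates(data: bytes):
    """Every dotted quad in the data with its verdict, in file order."""
    return [(m.group(1).decode("ascii"), classify_ipv4(m.group(1).decode("ascii")))
            for m in IPV4_RE.finditer(data)]


if __name__ == "__main__":
    for u in naive_urls(SAMPLE_BLOB):
        print("naive:", u)
    for u in der_uris(SAMPLE_BLOB):
        print("der:  ", u)
    for cand, verdict in ip_candidates(SAMPLE_BLOB):
        print(cand, "->", verdict)
```

On the sample the naive scan returns "...R46.crl0" and "...R46.p7c0#", exactly the shapes in the list above, while `der_uris` returns the clean URLs; `classify_ipv4("0.9.7.151")` explains the single "IP" hit as a 0.0.0.0/8 string. For a real file, run `der_uris` over the signature block located by the security directory rather than over the whole binary, which keeps certificate-infrastructure URLs separate from anything the installer itself contacts.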

Import functions (no entries listed on this page; see the library list under Strings analysis above)

PE Exports 3 suspicious

Function                      Address
TMethodImplementationIntercept  0x454060
__dbk_fcall_wrapper             0x40d0a0
dbkFCallWrapperAddr             0x4be63c

These three exports are standard Delphi RTL symbols (the dbk* pair supports the Delphi debugger's function-call evaluation) and appear in ordinary Delphi-built executables, including Inno Setup stubs; an executable exporting them is not unusual in itself.

Name                          Latest seen          MD5
FamilyTreeMadeSimpleSetup.exe 2022-08-26 07:53:05  15d662c8c08546225a2cc7aa985e6b99
AdblockInstaller.exe          2022-11-11 10:57:12  19b20fc498d366730c470bacab083fe7
install1.exe                  2022-11-21 21:21:05  e3c9d895497ffded48073eee0295bea4
iron.exe                      2023-03-24 14:14:21  f726e687e1118e70c4aad980fd750c71
SrbijaSetupHokej.exe          2024-05-23 18:53:02  528b9a26fd19839aeba788171c568311
GTA_V.exe                     2024-05-31 17:32:03  adf5adfae118dabb87818f625502d0d8