auto win.exe

Trainer

Junior

This is a setup program which is used to install the application. The file has been seen being downloaded from fs06n3.sendspace.com and multiple other hosts.
Publisher:
Junior

Product:
Trainer

Version:
1.0.0.0

MD5:
bf259966485f5e8e1b147285e8f8af30

SHA-1:
36e85d91faa2dea13599535c9b24fee7c0438eda

SHA-256:
497da15748e0029a62e13b4d72cc94bf22a91af53cf18f55c04aef892c7a5ce6

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/23/2024 9:24:38 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
HackTool.Win32.CheatEngine
4.0.3.151218

ESET NOD32
Win32/HackTool.CheatEngine.AF potentially unsafe application
7.0.302.0

File size:
4.4 MB (4,616,192 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Junior 2015

Original file name:
Trainer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\auto win.exe

File PE Metadata
Compilation timestamp:
11/15/2015 5:30:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:EnXwVv4gPOZX+bgPl/f6t/eYG5pImQ1/lS/pu6FyfsUuT:d4+OZXwKn2QpI9som

Entry address:
0x4456AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8837

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.3 MB (4,470,784 bytes)

The file auto win.exe has been seen being distributed by the following 8 URLs.

https://fs06n3.sendspace.com/dl/c0154a4361b09a800b56ff9dc46aeb54/565b4d254d52b58a/.../Auto Win.exe

https://fs06n4.sendspace.com/dl/9b4de54f4155c7c4ba1a5b61e1be6a31/57bcd8170a701ea4/.../Auto Win.exe

https://fs06n2.sendspace.com/dl/6f01b7c3ad8782f48d2f658066fe6323/57be468e3ec9eb9e/.../Auto Win.exe

https://fs06n1.sendspace.com/dl/1d56c57287ff08a646ed82287f34891b/56647ba309c69ab5/.../Auto Win.exe

Scan auto win.exe - Powered by Reason Core Security