booleen.exe

The executable booleen.exe has been detected as malware by 23 anti-virus scanners. The file has been observed being downloaded from dc729.4shared.com and multiple other hosts.

Version:
1.7.0.0

MD5:
8ba5f0972c9e10ed83cccf8fdb60bcdc

SHA-1:
5783841d94480662b25b4d4bff4c5aeacd537bc3

SHA-256:
8b488e1a3e145cb2f9d75149ddc41a72ec5c9cba4e29daf1d64946e8c1cbb6d3

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/27/2024 4:48:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/CheatEngine.AB.460 | 7.11.133.118 |
| Baidu Antivirus | HackTool.Win32.CheatEngine | 4.0.3.14322 |
| Bitdefender | Trojan.Generic.8116900 | 1.0.20.1040 |
| Bkav FE | W32.Clodecf.Trojan | 1.3.0.4924 |
| Comodo Security | UnclassifiedMalware | 14998 |
| Emsisoft Anti-Malware | Trojan.Win32.CheatEngine.AMN | 8.14.07.27.04 |
| ESET NOD32 | Win32/HackTool.CheatEngine.AB | 8.9464 |
| Fortinet FortiGate | Riskware/CheatEngine | 3/22/2014 |
| F-Prot | W32/HackTool.DON | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.8116900 | 11.2014-27-07_1 |
| G Data | Trojan.Generic.8116900 | 14.7.22 |
| K7 AntiVirus | Hacktool | 13.176.11256 |
| Malwarebytes | HackTool.GamesCheat.Gen | v2014.03.22.09 |
| McAfee | Artemis!8BA5F0972C9E | 5600.7184 |
| MicroWorld eScan | Trojan.Generic.8116900 | 15.0.0.624 |
| Norman | CheatEngine.QU | 11.20140322 |
| nProtect | Trojan.Generic.8116900 | 13.01.21.02 |
| Panda Antivirus | Suspicious file | 14.07.27.04 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.27.15 |
| Sophos | CheatEngine | 4.97 |
| SUPERAntiSpyware | Trojan.Agent/Gen-CheatEngine | 10712 |
| Trend Micro House Call | TROJ_GEN.R47H1A2 | 7.2.208 |
| VIPRE Antivirus | Trojan.Win32.Delf.abt | 26798 |

File size:
809.8 KB (829,235 bytes)

Product version:
1.2

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:xRbu/jtigh+M9lbfx3yABdvStQiH4u3cS6T2w:fOsghzh/WS6fcSC

Entry address:
0x75B10

Entry point:
55, 8B, EC, 83, C4, F0, B8, A8, 58, 47, 00, E8, 9C, 08, F9, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 04, 29, FE, FF, A1, 64, B4, 47, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 78, B3, 47, 00, A1, 64, B4, 47, 00, 8B, 00, 8B, 15, 40, 56, 47, 00, E8, F9, 28, FE, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 6D, 29, FE, FF, E8, A4, E6, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8427

Developed / compiled with:
Microsoft Visual C++

Code size:
467 KB (478,208 bytes)

The file booleen.exe has been observed being distributed from the following 2 URLs.

http://dc729.4shared.com/download/.../__online.exe
