cheatengine64.exe

Cheat Engine 6.4

Cheat Engine

The application cheatengine64.exe, “Cheat Engine 6.4 Setup ” by Cheat Engine has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from download753.mediafire.com and multiple other hosts.
Publisher:
Cheat Engine   (signed by Cheat Engine)

Product:
Cheat Engine 6.4

Description:
Cheat Engine 6.4 Setup

Version:
6.4.0.1

MD5:
4106630ed73fe192770a3c7975c0e1d1

SHA-1:
7490032cbd22fee161cbbe2f5fd763e1a7b12bcf

SHA-256:
a0cdd071c2a85d817ee6cd7691d8ad9deecf9d20e0a44a3201106aecf008da28

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 5:14:55 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy (variant)
8.9979

Reason Heuristics
PUP.CheatEngine.Bundler.Installer.Meta (L)
16.5.22.15

File size:
8.6 MB (9,053,048 bytes)

Product version:
6.4.0.1

Copyright:
Cheat Engine

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cheatengine64.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/14/2014 7:14:16 AM

Valid to:
8/22/2015 6:08:43 AM

Subject:
E=dark_byte@hotmail.com, CN=Cheat Engine, O=Cheat Engine, L=Eindhoven, C=NL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121773089910CF0E7EA1D8A1E403D5344A8

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:T4jCIv/1u1/EG/TJHoCULn795UsOGGkAO01vU6g:T6zq/TJHoCUb7UsOGC1vY

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Entropy:
7.9996

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file cheatengine64.exe has been seen being distributed by the following 28 URLs.

http://download753.mediafire.com/8x14jqalz18g/.../Cheat Engine V6.4.exe

http://download753.mediafire.com/qnb3pb2w5l9g/.../Cheat Engine V6.4.exe

http://gsf-cf.softonic.com//749/003/.../file?id_file=86912&channel=WEB_SD&instance=softonic_br&type=PROGRAM&fdh=no&SD_used=1&Expires=1405993756&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=LjGDbHknWeGR0Jm4ke2Jmxx8D0BbjSgmRROLfZvSn7cSTcd7Y1mMpbbtlrmByE0Kk7UQvgMwIiuFQ-U8AaB9kGZJascDcH902bwpODwupngY0RyyhsQtTroJyGlXV-pDkqLwzbNOSC0Qyinl6bCWt4NvpfXUEJppHsRmbN50T04_&filename=CheatEngine64.exe

http://bstv.biz/index.php?/files/file/.../&do=download&r=25&confirm=1&t=1&csrfKey=889485891fbb6983e954858ac31ab58e

http://letmebit.com/download/redirect/5B420DCC89FD0D8FB217AA710FECB3AC/.../CheatEngine64.exe

http://download2017.mediafire.com/gb0v729pyzig/.../Cheat Engine V6.4.exe

http://download2092.mediafire.com/p6cg84nd86qg/.../Cheat Engine V6.4.exe

http://download753.mediafire.com/2ukwwj1mddyg/.../Cheat Engine V6.4.exe

Remove cheatengine64.exe - Powered by Reason Core Security