icheat v3.0 (32 bit).exe

The executable icheat v3.0 (32 bit).exe has been detected as malware by 17 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from www.f2s.co.il and multiple other hosts.
MD5:
7d13aeba9cc93a1c27f7403ba7f53b07

SHA-1:
f4afb9be30efceec6f9811e730202bde2c7e4d82

SHA-256:
0bf625f354523f1fe3be22b40af9c78f9cdd6767d505d8a8144986ff76b467a5

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/4/2024 5:06:06 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.HackTool | 7.1.1 |
| Avira AntiVirus | SPR/Hacktool.aod | 8.3.1.6 |
| avast! | Win32:Malware-gen | 2014.9-150612 |
| Baidu Antivirus | HackTool.Win32.CheatEngine | 4.0.3.15612 |
| ESET NOD32 | Win32/HackTool.CheatEngine.AF potentially unsafe (variant) | 9.11748 |
| Fortinet FortiGate | Riskware/Generic.AC.1569906 | 6/12/2015 |
| F-Prot | W32/CheatEngine.B.gen | v6.4.7.1.166 |
| IKARUS anti.virus | Win32.Ramnit | t3scan.1.9.5.0 |
| Malwarebytes | Hacktool.CheatEngine | v2015.06.12.04 |
| McAfee | Artemis!7D13AEBA9CC9 | 5600.6736 |
| Panda Antivirus | Trj/CI.A | 15.06.12.04 |
| Sophos | Generic PUA PE | 4.98 |
| Total Defense | Heur/TrojanHorse.ZCFN!suspicious | 37.1.62.1 |
| Trend Micro House Call | TROJ_GEN.R002C0OF515 | 7.2.163 |
| Trend Micro | TROJ_GEN.R002C0OF515 | 10.465.12 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40910 |
| ViRobot | Trojan.Win32.S.Agent.3746304.A[h] | 2014.3.20.0 |

File size:
3.6 MB (3,746,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\icheat v3.0 (32 bit).exe

File PE Metadata
Compilation timestamp:
4/29/2012 6:56:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:ToaIC9AMgJ0yo8qS6SuNZMp58erEymJSAvM8+/rbnqE+Gm/1nSMwyYIpgGSew:THWqQuNip58eA3v09DbnqNnlwyUGZ

Entry address:
0x15AD

Entry point:
E8, 1A, 1B, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, AA, 27, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 6A, 03, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, 4F, 03, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00...
 

Entropy:
7.9708  (probably packed)

Code size:
35.5 KB (36,352 bytes)

The file icheat v3.0 (32 bit).exe has been seen being distributed by the following 31 URLs.


Remove icheat v3.0 (32 bit).exe - Powered by Reason Core Security