» cheatengine62.exe
Overview
Analysis
File Details
Downloads (2)

cheatengine62.exe

Cheat Engine 6.2

Dark Byte

The application cheatengine62.exe, “Cheat Engine 6.2 Setup ” has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

cheatengine62.exe

Publisher:

Dark Byte

Product:

Cheat Engine 6.2

Description:

Cheat Engine 6.2 Setup

MD5:

5e3e0b8143f0961ebf315487cb2328d9

SHA-1:

a1c67580695a090269c5f1aa116b37e2d005ef7b

SHA-256:

09d6e83d506c6c47b00b936aa6d8bc07cda83e704be82bafdb78739b1ed9ef7d

Scanner detections:

7 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/26/2024 1:42:06 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Trojan.Win32.Agent

4.0.3.1416

Bkav FE

W32.Clod3f0.Trojan

1.3.0.4613

ESET NOD32

Win32/OpenCandy

8.9307

IKARUS anti.virus

HackTool.Linux.CEngi

t3scan.2.2.29

K7 AntiVirus

Trojan

13.175.10881

McAfee

Artemis!5E3E0B8143F0

5600.7259

NANO AntiVirus

Trojan.Win32.CheatEngine.xrokk

0.28.0.57029

File size:

6.8 MB (7,159,153 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\cheatengine62.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:QlFFXPfwNANfP+3cpfujfAPtc0dNaAZiksWIW6+C7k0VrvDl0odrrf2g14WBeCMt:c1gq+s54u5d4AZi9WINkEl1dugWmtWB

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file cheatengine62.exe has been seen being distributed by the following 2 URLs.

http://members.upc.nl/cheatengine2/.../CheatEngine62.exe

http://dl.cdn.chip.eu/downloads/.../CheatEngine62.exe

Remove cheatengine62.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.