cheattool__7934_il508847.exe

The application cheattool__7934_il508847.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program that is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from touch.kaspersky.com.
MD5:
0d5d76244923692e76971d36e1e3a6ca

SHA-1:
6a17b0977bb258170d952835ee9cdac0b7acf149

SHA-256:
093e2ca7ce93986199255ea8bb029f69b32e7ae648d1ca2af94669da9cdf394c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 5:10:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Amonetize (M)

Engine version:
16.12.4.11

File size:
447 KB (457,722 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cheattool__7934_il508847.exe

File PE Metadata
Compilation timestamp:
10/21/2014 1:33:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:0kNHl7eV+PebCoSrbQ45P6cJUlzANzrIgULW:xZl7S+PeWoSrv6hlzAprIgOW

Entry address:
0x1037B3

Entry point:
E9, 91, CE, 05, 00, 8D, 64, 24, 04, 0F, 85, 9C, E5, FF, FF, 81, C7, BA, F7, D4, 65, 66, 0F, A3, D0, F8, 8B, 7A, 24, F9, 66, 0F, A3, FE, 01, C7, E8, 15, AA, FE, FF, 88, 54, 24, 04, 89, 44, 24, 30, 66, 0F, B6, C2, 58, F6, D4, 66, 0F, B6, C1, 89, 5C, 24, 28, 9F, 9F, 58, 8D, 45, FC, E9, CE, A9, FE, FF, 75, 5E, C0, 27, FD, E4, E4, 9C, 49, AA, 07, 8D, 34, A1, 97, 5E, 77, 94, 76, 7D, 25, E8, 42, A1, FD, 00, BD, 52, 77, D9, 2F, B6, 3B, 05, 8D, 70, 6D, A2, 42, 85, 29, 86, D5, D5, 8D, A4, F0, A2, AE, 43, 1E, 97, E2...
 

Entropy:
7.9059

Packer / compiler:
Xtreme-Protector v1.05

Code size:
161 KB (164,864 bytes)

The file cheattool__7934_il508847.exe has been seen being distributed by the following URL.
