total war rome ii trainer +9 for reloaded update #2 mrantifun.exe

Cheat Engine

The executable total war rome ii trainer +9 for reloaded update #2 mrantifun.exe has been detected as malware by 3 anti-virus scanners. This file is typically installed with the program Cheat Engine 6.3 by Dark Byte.
Publisher:
Cheat Engine  (signed and verified)

Description:
Cheat Engine

Version:
6.3.0.3293

MD5:
d2aa9bb0e3220378c1022e8c951b73ee

SHA-1:
b20b0bd8e5cdd280c5dc922ffd896df50d208cb7

SHA-256:
bf25b6c415673b3797572b7e57688278f72dbd69836aca38dced83b6e3045aae

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
3/1/2014 12:25:36 PM UTC  (one month ago)

Scan engine
Detection
Engine version

ESET NOD32
Win32/HackTool.CheatEngine.AB (variant)
7.9190

K7 Gateway Antivirus
Trojan
13.174.10560

Kingsoft AntiVirus
Win32.HackTool.Undef.(kcloud)
331020.49267

File size:
6.4 MB (6,751,928 bytes)

Product version:
6.3

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\user\appdata\local\temp\random.tmp\extracted\total war rome ii trainer +9 for reloaded update #2 mrantifun.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/25/2013 3:26:07 AM

Valid to:
7/22/2014 1:08:43 PM

Subject:
E=dark_byte@hotmail.com, CN=Cheat Engine, O=Cheat Engine, L=Eindhoven, S=Noord Brabant, C=NL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121ECFEBA3F53102B741B7E1AEDB2501C7C

File PE Metadata
Compilation timestamp:
1/1/1970 1:00:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.62

CTPH (ssdeep):
196608:LJLx4DB64hex9ezvOm31hRe3r0vPBKqhBSw:LJF4V648wv7lhc70vPBK4D

Entry address:
0x41E810

Entry point:
C6, 05, 30, 09, 82, 00, 00, E8, B4, FF, FF, FF, B8, 40, 3D, A4, 00, E8, 3A, 46, BF, FF, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
4.1 MB (4,315,200 bytes)

The file total war rome ii trainer +9 for reloaded update #2 mrantifun.exe has been discovered within the following program.

Cheat Engine 6.3  by Dark Byte
Publisher's description - “Cheat Engine is an open source tool designed to help you with modifying single player games running under window so you can make them harder or easier depending on your preference(e.”
www.cheatengine.org
About 1% of users remove it
 
Powered by Should I Remove It?

8 / 68      (PUP)
CheatEngine63.exe  (83fb2100da00c4a15bf803d5d2712360ec024328)

8 / 68      (PUP)
CheatEngine62.exe  (5042d797d7fa03425d3ad7e333f5435626ca6534)

0 / 68
dbk64.sys  (87488cbef6debfc99bb77f3510a8dc7ec5796636)

0 / 68
lua5.1-32.dll  (7188d2a38aa33464b96e8157fb2d05af4dc4ac60)

0 / 68
xmplayer.exe  (faddaf0d9e1fa1843f1a010a5d8531de2d53fba8)

2 / 68      (inconclusive)
1989691_setup.exe  (a285b6ab3a4b305d62bd64167ddcf20cbc334a1e)

8 / 68      (PUP)
cheatengine63clean.exe  (ef1fbe19951edbd8d598d3836f375033c87b085b)

0 / 68
cheatengine-x86_64.exe (by Cheat Engine)  (240f0c622e6c060ddf37de05d3f86ddd85906006)

0 / 68
lua5.1-64.dll  (b98539c910d2a8614a0600b54f3d8be28fb4808c)

0 / 68
speedhack-i386.dll  (f3477f50a088579c7d132e7846848b4196b4f488)

1 / 68      (inconclusive)
rox trgames.exe (by Cheat Engine)  (89a69d68aa87720630357b689b3db6ff2c160c18)

1 / 68      (inconclusive)
dbk32.sys  (fd389b6958b587e15b57f29ad687a7b105ae73af)

1 / 68      (inconclusive)
cheat-engine.exe  (573a43817f0310abe662f7dfc97a78ed348bc1ea)

0 / 68
speedhack-x86_64.dll  (35059d1a04780eb7672e1583d3f85ca1d21eb29b)

0 / 68
ceregreset.exe  (aa36c6bf501a8db0ba2b057853650c656f0dfa71)

0 / 68
cheat engine.exe  (e5cb2b82e5a66a210b0b872ff875182f70bcb229)

Detection Incidence by Country