SHA256: bd4ea87c198ce33331aa3cb34d32b79054ec75471655b86ba855a3bf9eab67e4
File name: CoD_Bo2_1.3.3.7_Hook_100%_Undetected_Cheat.exe
Detection ratio: 1 / 47
Analysis date: 2013-06-08 16:04:50 UTC
Antivirus Result Update
TotalDefense Win32/Tnega.ARWO 20130607
Yandex 20130608
AhnLab-V3 20130608
AntiVir 20130608
Antiy-AVL 20130608
Avast 20130608
AVG 20130608
BitDefender 20130608
ByteHero 20130606
CAT-QuickHeal 20130607
ClamAV 20130608
Commtouch 20130608
Comodo 20130608
DrWeb 20130608
Emsisoft 20130608
eSafe 20130606
ESET-NOD32 20130608
F-Prot 20130608
F-Secure 20130608
Fortinet 20130608
GData 20130608
Ikarus 20130608
Jiangmin 20130608
K7AntiVirus 20130607
K7GW 20130607
Kaspersky 20130608
Kingsoft 20130506
Malwarebytes 20130608
McAfee 20130608
McAfee-GW-Edition 20130608
Microsoft 20130608
eScan 20130608
NANO-Antivirus 20130608
Norman 20130608
nProtect 20130608
Panda 20130608
PCTools 20130521
Rising 20130607
Sophos 20130608
SUPERAntiSpyware 20130608
Symantec 20130608
TheHacker 20130608
TrendMicro 20130608
TrendMicro-HouseCall 20130608
VBA32 20130608
VIPRE 20130608
ViRobot 20130608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher 1.3.3.7 Hook
File version 1.3.3.7
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-25 12:39:01
Entry Point 0x00005E10
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
ReadFile
SetHandleCount
GetExitCodeProcess
LCMapStringA
HeapDestroy
HeapAlloc
IsBadWritePtr
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapCompact
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
CreateFileA
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetFileType
GetModuleHandleA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetTempFileNameA
FindNextFileA
RemoveDirectoryA
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
FindClose
Sleep
IsBadReadPtr
IsBadCodePtr
ExitProcess
GetVersion
VirtualAlloc
SetCurrentDirectoryA
wsprintfA
GetMessageA
DispatchMessageA
LoadStringA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 1.3.3.7
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 49152
MIMEType application/octet-stream
FileVersion 1.3.3.7
TimeStamp 2008:06:25 13:39:01+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 1.3.3.7 Hook
CodeSize 40960
FileSubtype 0
ProductVersionNumber 1.3.3.7
EntryPoint 0x5e10
ObjectFileType Executable application
File identification
MD5 611b4b83cadad794e8118b62f17cc76a
SHA1 759f39640d2447a14492bbd7bc3a9c01dd1d7af6
SHA256 bd4ea87c198ce33331aa3cb34d32b79054ec75471655b86ba855a3bf9eab67e4
ssdeep 24576:MDC8A6cjhDBPmDSzQ32nBHM4r8a5iRZYb2P7UE4EjjSZ5kqXVoTy9fgQysqv5:scjhdc6pnBH3r8HPNPw/EvYIwfiLx
File size 1.4 MB ( 1500475 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe armadillo
VirusTotal metadata
First submission 2013-06-08 15:53:35 UTC
Last submission 2013-06-08 16:04:50 UTC
File names file-5568181_exe
CoD_Bo2_1.3.3.7_Hook_100%_Undetected_Cheat.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications