File name: Call_of_Duty_4_Modern_Warfare_Trainer.EXE

Full analysis: https://app.any.run/tasks/9eff7863-2b79-4234-92a1-586b816f3b5e
Verdict: Malicious activity
Analysis date: January 24, 2024, 15:38:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 2F5B39EFDB73F85924917019BAF328AC
SHA1: 0AB19D697271DC247F374999A641C82A18FCA49A
SHA256: 22362DFF745CD7FF29B90E508A38A4E46E2DE42F0A622A0C7672209562F69C5B
SSDEEP: 98304:sBOPLV39U5io0fu+YPSvQPZFuB12RvyI0zl+kCp5dkmcIINs3eCKMluaYPnzpFJc:vnC8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 876)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1388)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 876)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1388)
    • Process drops legitimate windows executable

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1388)
    • Reads the Internet Settings

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1880)
  • INFO

    • Reads the computer name

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 876)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1880)
      • xmplayer.exe (PID: 980)
    • Checks supported languages

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 876)
      • xmplayer.exe (PID: 980)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1388)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1880)
    • Create files in a temporary directory

      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 1388)
      • Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe (PID: 876)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:02:26 15:09:20+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 26112
InitializedDataSize: 3788288
UninitializedDataSize: -
EntryPoint: 0x157a
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
No data.
Total processes: 44
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start call_of_duty_4_modern_warfare_trainer.exe.exe call_of_duty_4_modern_warfare_trainer.exe.exe call_of_duty_4_modern_warfare_trainer.exe.exe xmplayer.exe no specs call_of_duty_4_modern_warfare_trainer.exe.exe no specs

Process information

PID: 876
CMD: "C:\Users\admin\AppData\Local\Temp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\call_of_duty_4_modern_warfare_trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

PID: 980
CMD: "C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\xmplayer.exe" CEA9A41F3CD_4B47_495D_AC2C0AB6FCFF0994
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\xmplayer.exe
Parent process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\cetrainers\cet94bc.tmp\extracted\xmplayer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 1388
CMD: "C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Parent process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\cetrainers\cet94bc.tmp\call_of_duty_4_modern_warfare_trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 1880
CMD: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe "C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\CET_TRAINER.CETRAINER"
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Parent process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
User: admin
Company: Cheat Engine
Integrity Level: HIGH
Description: Cheat Engine
Exit code: 0
Version: 6.1.0.1561
Modules
Images
c:\users\admin\appdata\local\temp\cetrainers\cet94bc.tmp\extracted\call_of_duty_4_modern_warfare_trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

PID: 2640
CMD: "C:\Users\admin\AppData\Local\Temp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\appdata\local\temp\call_of_duty_4_modern_warfare_trainer.exe.exe
c:\windows\system32\ntdll.dll

Total events: 840
Read events: 832
Write events: 8
Delete events: 0

Modification events

(PID) Process: (1880) Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1880) Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1880) Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1880) Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 5
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID: 876
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Type: executable
MD5:7037A98950FA4011691B8121DA1A20E1
SHA256:49F55634873319D06DD9A32F2C0B63EBD6CBDFFDBCBAD7162B7C31F50D3C7DA1

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\CET_TRAINER.CETRAINER
Type: binary
MD5:D41116254C9DD33FDB93CD72B3850FEC
SHA256:B0801237CD04D6DB3218C7C06EFB4E162926B1CA0E1EE34ED58584518E1E591F

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\defines.lua
Type: text
MD5:31065ECA47AA65A75033DDDD13E90755
SHA256:317025F2CB7F93FFEFB5C87FECF445E4FCAADFBD00EE9AC3E65B803C2B980534

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\win32\dbghelp.dll
Type: executable
MD5:4003E34416EBD25E4C115D49DC15E1A7
SHA256:C06430B8CB025BE506BE50A756488E1BCC3827C4F45158D93E4E3EEB98CE1E4F

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Type: executable
MD5:AB9983B19AE94F47CC870E1914955370
SHA256:CE481709C585D0EFEEBABCE7DA99ED338D0FAA80556EAC6FD150FD44ED1F0B48

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\lua5.1-32.dll
Type: executable
MD5:859BE12AD1E4ACE1418FF3A069B35115
SHA256:9A99EA10ACD1378CCC4F23A91B00B9969D640419779B17711B21F2100D2DB48C

PID: 876
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\CET_Archive.dat
Type: binary
MD5:E487AE4A89B26F25B3416A29B38C49CE
SHA256:F23AC19BBB6E7AABEC98CF64D51C76913FE4B96EE6C83D96838BCFF0FFA09016

PID: 1388
Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET94BC.tmp\extracted\xmplayer.exe
Type: executable
MD5:5FBD54A57710AA8FC3F0DC1C17120637
SHA256:04CC2FEB0F6B3E5FCE5FEAA2E543724EA7B6305E4BF39D3AFBD6A4206AAE21E1

HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4, Process: System, IP: 192.168.100.255:138, Reputation: whitelisted
PID: 4, Process: System, IP: 192.168.100.255:137, Reputation: whitelisted
PID: 1080, Process: svchost.exe, IP: 224.0.0.252:5355, Reputation: unknown

DNS requests

No data

Threats

No threats detected

Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Message: sizeof fxstate = 512

Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Message: Offset of LBR_Count=760

Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Message: Deleting C:\Users\admin\AppData\Local\Temp\Cheat Engine\{7FE7045B-2278-4869-A2A1-D642DA7E8386}

Process: Call_of_Duty_4_Modern_Warfare_Trainer.EXE.exe
Message: deleted the scanresults