File name: Modern Warefare 2 Aimbot Steam Edition.exe

Full analysis: https://app.any.run/tasks/e82b0c7e-f849-42ff-a982-c9cb60fc971b
Verdict: Malicious activity
Analysis date: May 23, 2024, 21:57:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5: 3D4ADDF8A84693F878D22187867A14D7
SHA1: F7D86103E85F6B6823227CADB36D5E3A3DE2AD4E
SHA256: 873E78F1513F4F9A9B3D87D23B5F7BA08FB82B021EE8AB0AB49CDF821FF6EE0A
SSDEEP: 98304:K/RaBdMOEhG1G3tIz9PuxGM3Trrq2EHq6OiDraZK4T1aPjqh7V8qjlnxmA75MO6l:lmR0nVPLFp9b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads Microsoft Outlook installation path

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads security settings of Internet Explorer

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads Internet Explorer settings

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Executable content was dropped or overwritten

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
    • Process drops legitimate windows executable

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
  • INFO

    • Checks supported languages

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads the computer name

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Checks proxy server information

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads the machine GUID from the registry

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Creates files in the program directory

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Creates files or folders in the user directory

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
    • Manual execution by a user

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 660)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:03:15 06:27:50+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 67584
InitializedDataSize: 174592
UninitializedDataSize: -
EntryPoint: 0xa7b1
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 44
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Nodes: start; modern warefare 2 aimbot steam edition.exe; modern warefare 2 aimbot steam edition.exe (no specs); modern warefare 2 aimbot steam edition.exe; modern warefare 2 aimbot steam edition.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
660 | "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe" | C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe | - | explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
1120 | "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe" | C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe | - | explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2012 | "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe" | C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe | - | explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3984 | "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe" | C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe | - | explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
Total events: 4 780
Read events: 4 726
Write events: 30
Delete events: 24

Modification events

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 18
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\avutil-50.dll | executable
MD5:EA1F42949B42D9B0A17CC98829B5D641
SHA256:547FD4286ADE3DAA74E0A04A3BE26776D3F3BD7E52ADEE82CF4B29946E094D1E
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\CSERHelper.dll | executable
MD5:173C217E677C4B0C4F8A6D54BA13BF9B
SHA256:1DF7F26931AC31569AB0F5A0F4F687776501891276884377426CAEB9C04ADD8C
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\Aimbot Injector.exe | executable
MD5:44B5A256D414DB633C3B73E39A165489
SHA256:816C74E4560B9D09E14459E105BE4EA3F980C289DD7BF5A5C49B4484FFDD93CB
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\GameOverlayRenderer.dll | executable
MD5:1C2797F421C6569B31CF85E182F4F730
SHA256:67952FA750B1B55C48D1FC77D6EC2C350FF9F2D7D966F49E44E6A91C58F26817
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\mss32_s.dll | executable
MD5:1B461C2917663D325FBD51E6C3687963
SHA256:9BCC83AAD942DB4956362C9C536B8CA761EFBD852EACE4D3225F8E8611576AB0
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\dbghelp.dll | executable
MD5:A7532E66EA2F168A0970E829D8986423
SHA256:908B92E80C41D2782C6806C2B05F2FBB4C34A9F95D603C16C188384A9E4EF989
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\GameOverlayUI.exe.log | text
MD5:B11B697EE4FF5B743ADD91F4E48C8A93
SHA256:CCD28A236FC1952F31B9203465AB10F93DF6BA4B3806EE2A672B7EAAB1C3F514
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\GameOverlayUI.exe | executable
MD5:CA5239BA97E13AB68D0D088435F64C44
SHA256:C3CE7803B1DEEDE777E16F3F02853688ACFE1CD64AA5491B94F443138DF33786
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\GameOverlayRenderer64.dll | executable
MD5:842DB1956330932ED701E0664AE785AE
SHA256:BA764E8E67817CCCB3FC386A71960AAA29C4D8F98E8E14ED1497EB967C226DE2
1120 | Modern Warefare 2 Aimbot Steam Edition.exe | C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\vstdlib_s64.dll | executable
MD5:8BB9E293559FD1AC7E103747B70B1E3C
SHA256:E960473212A46A2DEC2E465F32F383117FEF8953C489789DC2BC9A2E0BC9ED5F
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info