File name:

Modern Warefare 2 Aimbot Steam Edition.exe

Full analysis: https://app.any.run/tasks/e82b0c7e-f849-42ff-a982-c9cb60fc971b
Verdict: Malicious activity
Analysis date: May 23, 2024, 21:57:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5:

3D4ADDF8A84693F878D22187867A14D7

SHA1:

F7D86103E85F6B6823227CADB36D5E3A3DE2AD4E

SHA256:

873E78F1513F4F9A9B3D87D23B5F7BA08FB82B021EE8AB0AB49CDF821FF6EE0A

SSDEEP:

98304:K/RaBdMOEhG1G3tIz9PuxGM3Trrq2EHq6OiDraZK4T1aPjqh7V8qjlnxmA75MO6l:lmR0nVPLFp9b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Executable content was dropped or overwritten

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
    • Reads Microsoft Outlook installation path

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads Internet Explorer settings

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads the Internet Settings

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Process drops legitimate windows executable

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
  • INFO

    • Checks supported languages

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Checks proxy server information

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads the computer name

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Reads the machine GUID from the registry

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Creates files in the program directory

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
    • Creates files or folders in the user directory

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 1120)
    • Manual execution by a user

      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 660)
      • Modern Warefare 2 Aimbot Steam Edition.exe (PID: 2012)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:03:15 06:27:50+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 67584
InitializedDataSize: 174592
UninitializedDataSize: -
EntryPoint: 0xa7b1
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
Total processes: 44
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[Behavior graph: start, followed by four "modern warefare 2 aimbot steam edition.exe" process nodes; the second and fourth are marked "no specs"]

Process information

PID: 660
CMD: "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe"
Path: C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll

PID: 1120
CMD: "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe"
Path: C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2012
CMD: "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe"
Path: C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3984
CMD: "C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe"
Path: C:\Users\admin\Desktop\Modern Warefare 2 Aimbot Steam Edition.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
c:\users\admin\desktop\modern warefare 2 aimbot steam edition.exe
c:\windows\system32\ntdll.dll

Total events: 4 780
Read events: 4 726
Write events: 30
Delete events: 24

Modification events

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (1120) Modern Warefare 2 Aimbot Steam Edition.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 18
Suspicious files: 2
Text files: 1
Unknown types: 0

Dropped files

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\Aimbot Injector.exe
Type: executable
MD5:44B5A256D414DB633C3B73E39A165489
SHA256:816C74E4560B9D09E14459E105BE4EA3F980C289DD7BF5A5C49B4484FFDD93CB

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\CSERHelper.dll
Type: executable
MD5:173C217E677C4B0C4F8A6D54BA13BF9B
SHA256:1DF7F26931AC31569AB0F5A0F4F687776501891276884377426CAEB9C04ADD8C

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\Steam.exe
Type: executable
MD5:E52B9425EB3C7FFFD0B900CEDC9A779E
SHA256:64BB3141866A3E2BAFADDDD80F8B489706F7F8293F5CF99D58E955C87C0A29F1

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\steamclient64.dll
Type: executable
MD5:7CE30367DB6AF72FC47756A1992FFB52
SHA256:AB7E90B340B87B7DC5FA564F8A7652ECA2CAA3910136881871B39D37D83DEBB9

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\Steam.dll
Type: executable
MD5:B4775BE4CBB18EEE2C40BEEBB1B7777E
SHA256:C3FB7EC2EF7B6CA8D19720C4B605BCAD70D81A913DB6EFC44EF2F02CEFF217BB

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\vstdlib_s64.dll
Type: executable
MD5:8BB9E293559FD1AC7E103747B70B1E3C
SHA256:E960473212A46A2DEC2E465F32F383117FEF8953C489789DC2BC9A2E0BC9ED5F

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\GameOverlayUI.exe
Type: executable
MD5:CA5239BA97E13AB68D0D088435F64C44
SHA256:C3CE7803B1DEEDE777E16F3F02853688ACFE1CD64AA5491B94F443138DF33786

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\SteamUI.dll
Type: executable
MD5:42BFFBBCB14EE997700BAFF174FC7A44
SHA256:E9C5FCF4D2EF9A66A68322674054880D2DFA2E40AB8D0B989C60BCF50617D4AF

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\tier0_s.dll
Type: executable
MD5:4BF5166C0893ECF6F7E5EF3270B88E24
SHA256:B56BF5054F500B394E401868B79166F187D81BD374D6CF0809B2722537272329

PID: 1120
Process: Modern Warefare 2 Aimbot Steam Edition.exe
Filename: C:\Program Files\MW2 Aimbot\Modern Warefare 2 Aimbot(Steam Edition)\dbghelp.dll
Type: executable
MD5:A7532E66EA2F168A0970E829D8986423
SHA256:908B92E80C41D2782C6806C2B05F2FBB4C34A9F95D603C16C188384A9E4EF989
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info