File name: Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE

Full analysis: https://app.any.run/tasks/712754db-735f-4945-a3bb-d3bfeb3aa871
Verdict: Malicious activity
Analysis date: January 23, 2024, 16:57:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: AB09D00838B101E26F461845BBF71DA3
SHA1: A6841518E733FC1A84293AD9A4EE9B6C69B17E36
SHA256: 9367BB1C5EBE79502A3C8A31AA79FAB0A90D255F5C14D74168FE65526CAC512B
SSDEEP: 98304:GiD8rAhRfMmOoInqsSsb6GSpZ5t06m8pYGog3hp5F+kSNZxjg/i4V/1gh5IowYtC:pBAmq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2736)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2592)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2592)
    • Executable content was dropped or overwritten

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2736)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2592)
  • INFO

    • Checks supported languages

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2736)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2592)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 1924)
    • Reads the computer name

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2736)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 1924)
    • Create files in a temporary directory

      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2592)
      • Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe (PID: 2736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD (file-type identification, match confidence in %)

.exe | Win32 EXE PECompact compressed (generic) (47.3)
.exe | Win32 Executable MS Visual C++ (generic) (35.5)
.dll | Win32 Dynamic Link Library (generic) (7.4)
.exe | Win32 Executable (generic) (5.1)
.exe | Generic Win/DOS Executable (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:06:28 16:45:44+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 36352
InitializedDataSize: 11158528
UninitializedDataSize: -
EntryPoint: 0x15eb
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
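The hash values under Indicators and the PE fields under EXIF are the two things a responder can re-derive locally from a copy of the file to confirm it is the object this report describes. The script below is an added example (it is not code from ANY.RUN, from the Cheat Engine project or from the trainer) that reads the same header fields the EXIF block lists from a PE32 image, compares them with the report's values, and matches the file's SHA256 against the report's IOC set (the submitted sample plus the seven dropped files that have a hash). It assumes that the report prints zero-valued fields as "-" and the timestamp in the sandbox's +02:00 local time (so 2013:06:28 16:45:44+02:00 is 14:45:44 UTC); the `<trainer>` labels in the IOC table are shorthand for the long file name, and `build_sample_header()` is a constructed header stand-in so the example runs without the real binary. SSDEEP is not recomputed because it needs a third-party library.

```python
"""Added example, not code from ANY.RUN or Cheat Engine: re-derive the EXIF-style
PE header fields and the SHA256 IOCs of this report from a file on disk."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386, PE32_MAGIC = 0x014C, 0x010B
EXECUTABLE_IMAGE, MACHINE_32BIT, DLL = 0x0002, 0x0100, 0x2000   # IMAGE_FILE_* flags
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# SHA256 IOCs copied from the report: the submitted sample plus the seven dropped
# files that carry a hash (CET_Archive.dat has none in the report and is omitted).
REPORT_SHA256 = {
    "9367bb1c5ebe79502a3c8a31aa79fab0a90d255f5c14d74168fe65526cac512b": "submitted sample",
    "dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af": "CETADA3.tmp\\<trainer>.exe (dropped by PID 2736)",
    "76892d1a377bf7a010d77e3c7b26e42369ba12ad066c3db71f05e361343e9aed": "extracted\\<trainer>.exe (Cheat Engine 6.7.0.5198)",
    "59b9f3fa57c1b7fdd3312f864c20eaee76ba9fcb7bb8d2542060d3533ced12c2": "extracted\\lua53-32.dll",
    "150782fca5e188762a41603e2d5c7aad6b6419926bcadf350ebf84328e50948f": "extracted\\win32\\dbghelp.dll",
    "041427d5ae979b938fc2771bf3ae6e2b0cf6a669fc881b44be1586e46225532b": "extracted\\libmikmod32.dll",
    "a71d5867a2c1a25dfe7649549449024128dd5540a492da76856e150fdbe07feb": "extracted\\defines.lua",
    "2019b7ae5703b23731b3c38331f871f5b71ac93e1ba3183a8fe3daa0be3b1c02": "extracted\\CET_TRAINER.CETRAINER",
}

# The report's EXIF block in this parser's output form: its timestamp is shown in the
# sandbox's +02:00 local time (14:45:44 UTC) and zero-valued fields are printed as "-".
REPORT_EXIF = {
    "MachineType": "Intel 386 or later, and compatibles", "TimeStamp": "2013-06-28T14:45:44+00:00",
    "ImageFileCharacteristics": "Executable, 32-bit", "PEType": "PE32", "LinkerVersion": "9.0",
    "CodeSize": 36352, "InitializedDataSize": 11158528, "UninitializedDataSize": 0,
    "EntryPoint": "0x15eb", "OSVersion": "5.0", "ImageVersion": "0.0",
    "SubsystemVersion": "5.0", "Subsystem": "Windows GUI",
}

def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 as lower-case hex, the form the IOC table is keyed on."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def match_ioc(data: bytes):
    """The report's label for this content if its SHA256 is a known IOC, else None."""
    return REPORT_SHA256.get(hash_bytes(data)["sha256"])

def parse_pe_header(data: bytes) -> dict:
    """Read the fields shown in the report's EXIF block from a PE32 (32-bit) image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    machine, _, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER32
    if opt_size < 70:                                     # Subsystem field sits at +68
        raise ValueError("optional header too short")
    magic, lnk_maj, lnk_min, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not PE32: optional header magic 0x%x" % magic)
    os_maj, os_min, img_maj, img_min, sub_maj, sub_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    flags = [name for bit, name in ((EXECUTABLE_IMAGE, "Executable"), (MACHINE_32BIT, "32-bit"),
                                    (DLL, "DLL")) if chars & bit]
    return {
        "MachineType": ("Intel 386 or later, and compatibles"
                        if machine == IMAGE_FILE_MACHINE_I386 else "0x%04x" % machine),
        "TimeStamp": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "ImageFileCharacteristics": ", ".join(flags), "PEType": "PE32",
        "LinkerVersion": f"{lnk_maj}.{lnk_min}",
        "CodeSize": code, "InitializedDataSize": idata, "UninitializedDataSize": udata,
        "EntryPoint": "0x%x" % entry, "OSVersion": f"{os_maj}.{os_min}",
        "ImageVersion": f"{img_maj}.{img_min}", "SubsystemVersion": f"{sub_maj}.{sub_min}",
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }

def diff_against_report(fields: dict, expected: dict = REPORT_EXIF) -> list:
    """(field, seen, expected) for every header field that disagrees with the report."""
    return [(k, fields.get(k), v) for k, v in expected.items() if fields.get(k) != v]

def build_sample_header() -> bytes:
    """Constructed stand-in for the real sample: a bare PE32 header with the report's
    EXIF values and no sections, so the example runs without the file itself."""
    stamp = int(datetime(2013, 6, 28, 14, 45, 44, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, stamp, 0, 0, 224,
                       EXECUTABLE_IMAGE | MACHINE_32BIT)
    opt = bytearray(224)                                  # full PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 9, 0, 36352, 11158528, 0, 0x15EB)
    struct.pack_into("<HHHHHH", opt, 40, 5, 0, 0, 0, 5, 0)  # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<H", opt, 68, 2)                    # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":                                # python pe_check.py [file]
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    print(hash_bytes(blob)["sha256"], match_ioc(blob), diff_against_report(parse_pe_header(blob)))
```

Run it with the path of a suspected copy as the argument: an empty diff list plus a non-None IOC label means the file is byte-for-byte the object in this report; a matching header with a different hash is the usual sign of a rebuilt or re-packed trainer, and a changed TimeStamp or LinkerVersion with the same file name means a different build altogether.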
All screenshots are available in the full report
Total processes: 43
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Reconstructed from the process and dropped-file records below (the interactive graph is only in the full report). The table names only each parent's image, not its PID, so the 2736 -> 2592 -> 1924 links are inferred from which process dropped the executable that the next one runs. "<trainer>.exe" stands for "Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe".

explorer.exe
  +- PID 1936  C:\Users\admin\AppData\Local\Temp\<trainer>.exe  (MEDIUM integrity; exits 0xC000042C STATUS_ELEVATION_REQUIRED, never runs)
  +- PID 2736  C:\Users\admin\AppData\Local\Temp\<trainer>.exe  (HIGH integrity; drops cetrainers\CETADA3.tmp\CET_Archive.dat and cetrainers\CETADA3.tmp\<trainer>.exe)
       +- PID 2592  ...\cetrainers\CETADA3.tmp\<trainer>.exe -ORIGIN:"C:\Users\admin\AppData\Local\Temp\"  (HIGH; writes lua53-32.dll, libmikmod32.dll, win32\dbghelp.dll, defines.lua, CET_TRAINER.CETRAINER and another <trainer>.exe into CETADA3.tmp\extracted\)
            +- PID 1924  ...\CETADA3.tmp\extracted\<trainer>.exe CET_TRAINER.CETRAINER -ORIGIN:...  (HIGH; identifies itself as Cheat Engine 6.7.0.5198)

Everything the MALICIOUS and SUSPICIOUS signatures flag is this self-extraction chain; the report records no malware configuration, no DNS or HTTP traffic and no threat signatures.

Process information

PID 1924
CMD: "C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe" "C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\admin\AppData\Local\Temp\"
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Parent process: Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
User: admin
Company: Cheat Engine
Integrity Level: HIGH
Description: Cheat Engine
Exit code: 0
Version: 6.7.0.5198
Modules (images):
c:\users\admin\appdata\local\temp\cetrainers\cetada3.tmp\extracted\kane and lynch dead men v 1.0.0.129 gog plus 6 trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID 1936
CMD: "C:\Users\admin\AppData\Local\Temp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the launch needed elevation the MEDIUM-integrity caller did not have, so the process was terminated before it ran; only ntdll.dll was ever mapped. PID 2736 is the same image running at HIGH integrity.)
Modules (images):
c:\users\admin\appdata\local\temp\kane and lynch dead men v 1.0.0.129 gog plus 6 trainer.exe.exe
c:\windows\system32\ntdll.dll

PID 2592
CMD: "C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe" -ORIGIN:"C:\Users\admin\AppData\Local\Temp\"
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Parent process: Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\cetrainers\cetada3.tmp\kane and lynch dead men v 1.0.0.129 gog plus 6 trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID 2736
CMD: "C:\Users\admin\AppData\Local\Temp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe"
Path: C:\Users\admin\AppData\Local\Temp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\users\admin\appdata\local\temp\kane and lynch dead men v 1.0.0.129 gog plus 6 trainer.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events: 265
Read events: 262
Write events: 3
Delete events: 0

Modification events

(PID 1924) Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Operation: write
Name: Speaker Configuration
Value: 4
Executable files: 5
Suspicious files: 1
Text files: 1
Unknown types: 0

Dropped files

PID 2736, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\CET_Archive.dat
Type:
MD5:
SHA256:

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\lua53-32.dll
Type: executable
MD5: 9B8D650FFC6FFF2CFE67A7E5C020CCFB
SHA256: 59B9F3FA57C1B7FDD3312F864C20EAEE76BA9FCB7BB8D2542060D3533CED12C2

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Type: executable
MD5: CAA9D29F5B5751A94A179328AAF7CC6F
SHA256: 76892D1A377BF7A010D77E3C7B26E42369BA12AD066C3DB71F05E361343E9AED

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\defines.lua
Type: text
MD5: AF18263191D6F3FE55AF8BD455A947BD
SHA256: A71D5867A2C1A25DFE7649549449024128DD5540A492DA76856E150FDBE07FEB

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\CET_TRAINER.CETRAINER
Type: binary
MD5: 3CE82B1A1B6D736937508738771E4E98
SHA256: 2019B7AE5703B23731B3C38331F871F5B71AC93E1BA3183A8FE3DAA0BE3B1C02

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\win32\dbghelp.dll
Type: executable
MD5: 9139604740814E53298A5E8428BA29D7
SHA256: 150782FCA5E188762A41603E2D5C7AAD6B6419926BCADF350EBF84328E50948F

PID 2592, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\extracted\libmikmod32.dll
Type: executable
MD5: DACD337030C240F324A3D655ECD876E2
SHA256: 041427D5AE979B938FC2771BF3AE6E2B0CF6A669FC881B44BE1586E46225532B

PID 2736, Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CETADA3.tmp\Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Type: executable
MD5: A65C29111A4CF5A7FDD5A9D79F77BCAB
SHA256: DAB3003436B6861AE220CC5FDCB97970FC05AFDF114C2F91E46EED627CE3D6AF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Domain:
ASN:
CN:
Reputation: whitelisted

The only recorded connection is the System process (PID 4) sending to the subnet broadcast address on port 137 (NetBIOS name service). That is Windows background traffic in the sandbox, not activity of the sample; none of the four trainer processes made a network connection.

DNS requests

No data

Threats

No threats detected
Debug output

Process: Kane and Lynch Dead Men V 1.0.0.129 GOG Plus 6 Trainer.EXE.exe
Messages (in order):
Offset of LBR_Count=760
sizeof fxstate = 512
TSymbolListHandler.create 1
TSymbolListHandler.create exit
TSymhandler.create 2
TSymhandler.create 1
TSymhandler.create exit
TSymhandler.create 3
TSymbolListHandler.create 2
TSymhandler.create 3

TSymhandler and TSymbolListHandler are class names from Cheat Engine's own source, so these strings are the embedded Cheat Engine runtime initialising its symbol handler, consistent with the "Cheat Engine 6.7.0.5198" version resource on PID 1924.