Field | Value
---|---
File name | Core Spoofer 4.0.exe
Full analysis | https://app.any.run/tasks/9a33c46e-cd59-4ac1-9a10-4e18dd58b95a
Verdict | Malicious activity
Analysis date | July 12, 2020, 10:54:03
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-dosexec
File info | MS-DOS executable
MD5 | 4CBF802B651C90B4D4DA245A7D0DC2A3
SHA1 | BEFAB523AF7AEFF0BA3F59F80380AAAD82CC0B3D
SHA256 | D42AD0C64669BCD0D3849E4C8152F16C0E95142064E6B12F7CDE03E68D59DEFA
SSDEEP | 6144:CN7ldgF8QwkAuh3Cr9Gn9tlRBWNNvRWuO4afqYDei60hFRC95ec2B4Vfa:Cpg1Auh3S9GnTlRBWXSf76C/gQFaS
Extension | Detected type
---|---
.exe | DOS Executable Generic (100)
Field | Value
---|---
MachineType | Intel 386 or later, and compatibles
TimeStamp | 2020:05:22 03:11:06+02:00
PEType | PE32
LinkerVersion | 48
CodeSize | 22528
InitializedDataSize | 58368
UninitializedDataSize | -
EntryPoint | 0x29000
OSVersion | 4
ImageVersion | -
SubsystemVersion | 6
Subsystem | Windows command line
FileVersionNumber | 1.0.0.0
ProductVersionNumber | 1.0.0.0
FileFlagsMask | 0x003f
FileFlags | (none)
FileOS | Win32
ObjectFileType | Executable application
FileSubtype | -
LanguageCode | Neutral
CharacterSet | Unicode
Comments | Ayeee 2.0 is litty
CompanyName | -
FileDescription | FimxiSpoofa
FileVersion | 1.0.0.0
InternalName | Core Spoofer.exe
LegalCopyright | Copyright © 2020
LegalTrademarks | -
OriginalFileName | Core Spoofer.exe
ProductName | FimxiSpoofa
ProductVersion | 1.0.0.0
AssemblyVersion | 2.0.0.0
Field | Value
---|---
Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date | 22-May-2020 01:11:06
DOS header field | Value
---|---
Magic number | MZ
Bytes on last page of file | 0x4E54
Pages in file | 0xF585
Relocations | 0xA65B
Size of header | 0xB7FF
Min extra paragraphs | 0x35CF
Max extra paragraphs | 0xC042
Initial SS value | 0x6341
Initial SP value | 0x306F
Checksum | 0x9CA3
Initial IP value | 0x0D9D
Initial CS value | 0xFDDF
Overlay number | 0x431D
OEM identifier | 0xC4D9
OEM information | 0xE2FE
Address of NE header | 0x00000100
PE header field | Value
---|---
Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
Number of sections | 4
Time date stamp | 22-May-2020 01:11:06
Pointer to Symbol Table | 0x00000000
Number of symbols | 0
Size of Optional Header | 0x00E0
Characteristics | 
| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| | 0x00029000 | 0x00018000 | 0x00017CA2 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99641 |
| .rsrc | 0x0001A000 | 0x0000E280 | 0x0000E280 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.34208 |
Title | Entropy | Size | Codepage | Language | Type
---|---|---|---|---|---
1 | 5.00025 | 3361 | UNKNOWN | UNKNOWN | RT_MANIFEST
32512 | 2.01924 | 20 | UNKNOWN | UNKNOWN | RT_GROUP_ICON
55899 | 7.2508 | 288 | UNKNOWN | UNKNOWN | RT_RCDATA
Imported DLL |
---|
advapi32.dll |
comctl32.dll |
kernel32.dll |
mscoree.dll |
shell32.dll |
user32.dll |
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1704 | "C:\Users\admin\AppData\Local\Temp\Core Spoofer 4.0.exe" | C:\Users\admin\AppData\Local\Temp\Core Spoofer 4.0.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: FimxiSpoofa; Exit code: 3221226540; Version: 1.0.0.0
2452 | "C:\Users\admin\AppData\Local\Temp\Core Spoofer 4.0.exe" | C:\Users\admin\AppData\Local\Temp\Core Spoofer 4.0.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Description: FimxiSpoofa; Version: 1.0.0.0
748 | "cmd.exe" | C:\Windows\system32\cmd.exe | — | Core Spoofer 4.0.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2016 | taskkill /f /im UnrealCEFSubProcess.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2824 | taskkill /f /im CEFProcess.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3632 | taskkill /f /im EasyAntiCheat.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1944 | taskkill /f /im BEService.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
4028 | taskkill /f /im BEServices.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3356 | taskkill /f /im BattleEye.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2360 | taskkill /f /im epicgameslauncher.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner1.bat | text | 781C8C9D8911CE253CE99A18EDA95A19 | 5F0DE2628B655B8E56940025EE91CD7918B98AE68F8B92D5C06E078637AED7DC
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner7.bat | text | 554809A8C20A23915E136E652FE67161 | 04548DA10E1CF28D9313CCC66D3B2246667F977BE3042020B7851F056604D2BF
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner9.bat | text | 5ECE210F821F5758D07E4DF80D705371 | A84A3017627C6031CE914B2F56D07DF072A7BDC361B6F7239B6D1D5F36B48FD9
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner3.bat | text | B5D3A0A160CE927F3AA86AD5EE31AF0B | FFE0AB3CA8BBE6128EA5A34E20AA254D547BA2D8D062B55F72CEE90B5AC664BB
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner8.bat | text | 741E75C6BBE74B8C88DE30CE209F6F3D | 3FEC761C17FC0C32EFA6F34B1D36A0C29785DF794962F0474C1DAF8FDD6D12CD
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner5.bat | text | 8EF27DECCF2184FACDBBC034916426A8 | 38A16BD4225365FFCC2F60A6685F317A6341ACB57677A6980F8E392FF2A37FD5
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner6.bat | text | 4A5F56628C636234D71308056427C174 | FEB5C3FE082309F32BF3A50AE262E337EB1856DB5F317C4EADD5E8631E881DF8
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner2.bat | text | D4309967513EE17FA9A1EC8654C0BF88 | 55DFFBC897E2B03A22084E9A5D7802A58B314CDF1BC780B92806738C3FDDDBBD
2452 | Core Spoofer 4.0.exe | C:\Windows\IME\cleaner4.bat | text | 76805F01CC8B36688162F3FF615B3854 | 44A9F3AE95338AE20C9215E69EBAD57E8EFACE197B2B3F522257246974EC0B2D
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2452 | Core Spoofer 4.0.exe | 162.159.129.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared
Domain | IP | Reputation
---|---|---
cdn.discordapp.com | | shared
desktop.ini | | unknown