File name:

CALARADO CHEAT ON FORTNITE.exe

Full analysis: https://app.any.run/tasks/c451f561-5a36-481c-9f33-a93b310a9267
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: April 01, 2019, 12:25:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5:

F4143B60ED97587F280F43962890ABE7

SHA1:

1B07B77242284443878C4BF122C502461C56192A

SHA256:

E78686C2DD3C06159D407FB23E8C19C61EDC575E556944FF2871D37683166E6E

SSDEEP:

98304:VEY/ZL7SbmWWgOsdE4nv6etBgkt7AJhQgyMyX3:VEYBL7umWWyCe9RAJnpW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Stealing of credential data

      • CALARADO CHEAT ON FORTNITE.exe (PID: 764)

    • Actions looks like stealing of personal data

      • CALARADO CHEAT ON FORTNITE.exe (PID: 764)

  • SUSPICIOUS

    • Reads the cookies of Google Chrome

      • CALARADO CHEAT ON FORTNITE.exe (PID: 764)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.3)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 0000:00:00 00:00:00
PEType: PE32
LinkerVersion: 3
CodeSize: 3299328
InitializedDataSize: 247808
UninitializedDataSize: -
EntryPoint: 0xf3410
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 01-Jan-1970 00:00:00
Detected languages:
  • English - United States

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0004
Size of header: 0x0000
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x008B
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000080

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 7
Time date stamp: 01-Jan-1970 00:00:00
Pointer to Symbol Table: 0x00658800
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_DEBUG_STRIPPED
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x00325607
0x00325800
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.15983
.rdata
0x00327000
0x002F5578
0x002F5600
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
5.7775
.data
0x0061D000
0x00052AA8
0x0003C800
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
6.00382
.idata
0x00670000
0x00000B82
0x00000C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.73051
.edata
0x00671000
0x000001A1
0x00000200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.49904
.symtab
0x00672000
0x00000004
0x00000200
IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
0.0203931
.rsrc
0x00673000
0x00010B88
0x00010C00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.61565

Resources

Title
Entropy
Size
Codepage
Language
Type
1
2.54431
67624
UNKNOWN
English - United States
RT_ICON
100
4.80034
603
UNKNOWN
English - United States
RT_MANIFEST

Imports

kernel32.dll
msvcrt.dll
winmm.dll
ws2_32.dll

Exports

Title
Ordinal
Address
_cgo_panic
1
0x001BBC60
_cgo_topofstack
2
0x000F29F0
authorizerTrampoline
3
0x00001290
callbackTrampoline
4
0x00001070
commitHookTrampoline
5
0x000011B0
compareTrampoline
6
0x00001150
crosscall2
7
0x001BBC90
doneTrampoline
8
0x00001110
rollbackHookTrampoline
9
0x000011F0
stepTrampoline
10
0x000010C0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start calarado cheat on fortnite.exe

Process information

PID
CMD
Path
Indicators
Parent process
764"C:\Users\admin\AppData\Local\Temp\CALARADO CHEAT ON FORTNITE.exe" C:\Users\admin\AppData\Local\Temp\CALARADO CHEAT ON FORTNITE.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\calarado cheat on fortnite.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
7
Read events
7
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
1
Text files
1
Unknown types
3

Dropped files

PID
Process
Filename
Type
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\y5of3uo6a2gi\google_chrome_default_cookie.txt
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\y5of3uo6a2gi\google_chrome_default_ccdata.txt
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies1sqlite
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\m5pvzqreken9.zipcompressed
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data1sqlite
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LoginData1sqlite
MD5:
SHA256:
764CALARADO CHEAT ON FORTNITE.exeC:\Users\admin\AppData\Local\y5of3uo6a2gi\google_chrome_default_logins.txttext
MD5:8CD3E621740BE01918DBD04A08733B6A
SHA256:2ED9E01F2B6C815EC72FF815CD9911195E67DAB9EEF4C40BFF7F9A878722F688
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
3
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
764
CALARADO CHEAT ON FORTNITE.exe
92.53.96.230:80
cj42442.tmweb.ru
TimeWeb Ltd.
RU
malicious

DNS requests

Domain
IP
Reputation
cj42442.tmweb.ru
  • 92.53.96.230
malicious
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CALARADO CHEAT ON FORTNITE.exe