The CoD2SP_s.exe File Analysis

Updated 8 months ago

Checked by Malware Check

CoD2SP_s.exe

Technical Analysis

File Name	CoD2SP_s.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows`
SSDEEP Hash	49152:gUZ1s3dftpZalSTouBjEsv1YKxBvRiCjEUAtoEBlDQC38zivs/:gUZ1s3d1pZasTouBjEsv1YmBvhKt
Scanner Version	1.0.193.174
Database Version	2024-10-18 01:00:24 UTC

⚠

Suspicious File Detected

Detected by 15 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

21%

Detection Rate

1,753,088

File Size (bytes)

15/70

Engines Detected

2024-10-18

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	3c658b5eb206fdad0cf325d6ca46da95
SHA1	9b89161214f448a564cad0d84409a35cb85e023a
SHA256	e569b0098e29b4bc81b8bcec0b98c8aa81114763eb6879595f5dfa395b350e49
SHA512	d47eceb91db5ab7da7ff2b06c3fe2c57c96b6ff22e8b2caacf768b80980f60f1f0ead9cbbb8b51bfe3be86648edfa50a08a4e2e087f84e20bf26dfeaf03b7658
ImpHash	6b94bbe3e2deeb4142712d75c1c980ae

Security Engines with Detections (15 of 70)

Bkav

W32.AIDetectMalware Malicious

CyrenCloud

Risk/WIN32_EXE.e569b009!Threatlookup Malicious

Cylance

unsafe Malicious

K7GW

Riskware ( 0040eff71 ) Malicious

K7AntiVirus

Riskware ( 0040eff71 ) Malicious

APEX

Malicious Malicious

TrendMicro

PUA.Win32.GameHack.AF Malicious

Sophos

Troj/Agent-AGBP Malicious

Jiangmin

Trojan.Generic.3c6 Malicious

Antiy-AVL

Trojan/Win32.SGeneric Malicious

Google

Detected Malicious

VBA32

Trojan.Wacatac Malicious

TrendMicro-HouseCall

PUA.Win32.GameHack.AF Malicious

Rising

[email protected] (RDML:msC/OIi9LJhTEu5OsCQRhg) Malicious

Fortinet

W32/Agent.AGBP!tr Malicious

55 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: aad3128af3be993632a249518601e2ad Fuzzy: cdade7c37036fbe5d5755e90bd55f5e9 dHash: d211daf891a98c96
Image Base	`0x00400000`
Entry Point	`0x00554683`
Compilation Time	1970-03-07 10:30:28
Checksum	0x00000000 (Actual: 0x001ad324)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
PDB Path	`c:\builds\crc6_v1\pc\cod2\pc\CoD2SP_s.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	9 libraries advapi32, gdi32, kernel32, shell32, user32, winmm, ws2_32, d3d9, mss32
Exports	0 functions
Resources	7 Resources
Sections	4 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,470,464 bytes	1,469,666 bytes	6.68 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`722878671D1EDA64A3D70F0843BF2AD0`
`.rdata`	`0x00168000`	192,512 bytes	189,575 bytes	5.66 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A360F3C0DE57C0C511387458450B07B0`
`.data`	`0x00197000`	24,276,992 bytes	68,576 bytes	3.14 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`A4E54DE092C07B0A1DD439115BCCCF9F`
`.rsrc`	`0x018be000`	14,918 bytes	14,918 bytes	4.58 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`7D35CBC1ADA5FBAB53C0ACCB16A22F69`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 7 (14,412 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	5	14,280 bytes	99.1%
RT_STRING	1	56 bytes	0.4%
RT_GROUP_ICON	1	76 bytes	0.5%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

15 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1