CheatEngine76.exe Adware BundleInstaller Analysis
Technical Analysis
| File Name | CheatEngine76.exe |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.247.174 |
| Database Version | 2026-05-31 23:00:29 UTC |
Adware.Win32.BundleInstaller.dd!c
Malware family: BundleInstaller
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
e3dfd9ad1f6edf9c413cf96c6beebcad
|
|
| SHA1 |
d10fe35f1ba0d6111563caefd9320950405e075e
|
|
| SHA256 |
f96eca4a678f34c5d6c5e8b3ebb0f086f17ffc869c021e5576f8b906dace0336
|
|
| SHA512 |
e0e4f6235234f7f19b5d720dc9cd2dd5f3951e34ffb869f69d10db92795ed0bdc635f0bdae632a30707f30acc417789068edfd10afe507ec6bdda66696440705
|
|
| ImpHash |
40ab50289f7ef5fae60801f88d4541fc
|
PE Analysis
Basic Information
▼| Icon |
Hash: a0ef7c81eee20e999575764306184ccf
Fuzzy: 8341e53a6f1047f3c936b4d36dc8f542 dHash: 5050d274ccec82ae |
| Image Base | 0x00400000 |
| Entry Point | 0x004a83bc |
| Compilation Time | 2024-06-09 11:07:51 |
| Checksum | 0x0230b7d4 (Actual: 0x02307b38) |
| OS Version | 6.1 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Digital Signature | OK |
| Imports |
5 libraries
kernel32, comctl32, user32, oleaut32, advapi32 |
| Exports | 2 functions |
| Resources | 30 Resources |
| Sections | 10 Sections |
Version Information
▼| Comments | This installation was built with Inno Setup. |
| CompanyName | |
| FileDescription | \ud835\uddafloo\ud835\uddcdo Inc. |
| FileVersion | 7.6.0 |
| LegalCopyright | © \ud835\uddafloo\ud835\uddcdo Inc. |
| OriginalFileName | |
| ProductName | \ud835\uddafloo\ud835\uddcdo Inc. |
| ProductVersion | 7.6.0 |
| Translation | 0x0000 0x04b0 |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
677,516 bytes | 677,888 bytes | 6.38 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
B889D302F6FC48A904DE33D8D947AE80 |
.itext |
0x000a7000 |
7,012 bytes | 7,168 bytes | 6.11 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
588DD0A8AB499300D3701CBD11B017D9 |
.data |
0x000a9000 |
14,392 bytes | 14,848 bytes | 4.96 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
5C0C76E77AEF52EBC6702430837CCB6E |
.bss |
0x000ad000 |
29,272 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.idata |
0x000b5000 |
4,076 bytes | 4,096 bytes | 5.02 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
627340DFF539EF99048969AA4824FB2D |
.didata |
0x000b6000 |
420 bytes | 512 bytes | 2.73 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
FD11C1109737963CC6CB7258063ABFD6 |
.edata |
0x000b7000 |
113 bytes | 512 bytes | 1.31 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
7DE8CA0C7A61668A728FD3A88DC0942D |
.tls |
0x000b8000 |
24 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rdata |
0x000b9000 |
93 bytes | 512 bytes | 1.39 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
D84006640084DC9F74A07C2FF9C7D656 |
.rsrc |
0x000ba000 |
69,632 bytes | 69,632 bytes | 3.72 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DE3D2C2B08672B5BD6CA4893A4A71039 |
Resource Analysis
▼| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 13 | 55,173 bytes | |
| RT_STRING | 11 | 8,336 bytes | |
| RT_RCDATA | 3 | 844 bytes | |
| RT_GROUP_ICON | 1 | 188 bytes | |
| RT_VERSION | 1 | 1,412 bytes | |
| RT_MANIFEST | 1 | 1,960 bytes |
Certificate Chain Analysis
▼No Digital Signatures
This file is not digitally signed.
Security Implications:
- Cannot verify the publisher's identity
- Increased security risk when running this file
- May trigger security warnings on some systems
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Certificate Verification Status
OK
Adware.Win32.BundleInstaller.dd!c Removal
Gridinsoft has the capability to identify and eliminate Adware.Win32.BundleInstaller.dd!c without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
1
Get Gridinsoft Anti-Malware — it's a quick 2 MB download that won't slow down your PC.
-
2
Run the installer gsam-en-install.exe. The setup takes about 2 minutes and doesn't require a restart.
-
3
The app launches right after installation. You'll see the main dashboard with the scan button front and center.
-
4
Hit "Standard Scan" — this checks all the spots where malware typically hides: temp folders, browser data, startup programs, and system directories.
-
5
Once the scan finds this threat, click "Clean Now". The removal usually happens instantly, though some stubborn infections may need a reboot.
-
6
If you see a restart prompt, go ahead and reboot. This clears any malware that was running in memory and ensures your system starts fresh.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
