Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

6.2.1.2643 50.00%
6.1.0.1561 50.00%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
AdjustTokenPrivileges, AllocateAndInitializeSid, ChangeServiceConfigA, CloseServiceHandle, CreateServiceA, LookupPrivilegeValueA, OpenProcessToken, OpenSCManagerA, OpenServiceA, RegCloseKey, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumKeyExA, RegEnumValueA, RegFlushKey, RegOpenKeyExA, RegQueryInfoKeyA, RegQueryValueExA, RegSetValueExA, StartServiceA
comctl32.dll
ImageList_Add, ImageList_AddMasked, ImageList_BeginDrag, ImageList_Copy, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_DrawEx, ImageList_DrawIndirect, ImageList_EndDrag, ImageList_GetImageCount, ImageList_Remove, ImageList_Replace, ImageList_SetImageCount, InitCommonControls
comdlg32.dll
ChooseColorA, ChooseFontA, ChooseFontW, CommDlgExtendedError, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW
gdi32.dll
Arc, BitBlt, Chord, CombineRgn, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateEllipticRgn, CreateFontIndirectA, CreateFontIndirectW, CreatePatternBrush, CreatePen, CreatePenIndirect, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, CreateSolidBrush, DPtoLP, DeleteDC, DeleteObject, Ellipse, EnumFontFamiliesA, EnumFontFamiliesExA, EnumFontFamiliesExW, ExcludeClipRect, ExtCreatePen, ExtCreateRegion, ExtFloodFill, ExtSelectClipRgn, ExtTextOutA, ExtTextOutW, GetBitmapBits, GetBkColor, GetCharABCWidthsA, GetClipBox, GetClipRgn, GetCurrentObject, GetDCOrgEx, GetDIBits, GetDeviceCaps, GetMapMode, GetObjectA, GetObjectType, GetObjectW, GetPixel, GetROP2, GetRandomRgn, GetRgnBox, GetStockObject, GetTextAlign, GetTextColor, GetTextExtentPoint32A, GetTextExtentPoint32W, GetTextMetricsA, GetViewportExtEx, GetViewportOrgEx, GetWindowExtEx, GetWindowOrgEx, IntersectClipRect, LPtoDP, LineTo, MaskBlt, MoveToEx, OffsetRgn, OffsetViewportOrgEx, PatBlt, Pie, PolyBezier, Polygon, Polyline, PtInRegion, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectClipRgn, SelectObject, SelectPalette, SetArcDirection, SetBkColor, SetBkMode, SetBrushOrgEx, SetMapMode, SetPixel, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextAlign, SetTextCharacterExtra, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, StretchBlt, TextOutW, FillRgn, GetTextExtentExPointA, GetTextExtentExPointW
hhctrl.ocx
HtmlHelpA
imagehlp.dll
StackWalk64, SymCleanup, SymEnumerateModules, SymEnumerateModules64, SymEnumerateSymbols, SymEnumerateSymbols64, SymFunctionTableAccess64, SymGetModuleBase64, SymGetOptions, SymGetSearchPath, SymInitialize, SymLoadModule64, SymSetOptions, SymSetSearchPath
kernel32.dll
BeginUpdateResourceA, CloseHandle, CompareStringA, CompareStringW, CopyFileA, CreateDirectoryA, CreateDirectoryW, CreateEventA, CreateFileA, CreateFileMappingA, CreateNamedPipeA, CreateProcessA, CreateThread, DeleteCriticalSection, DeleteFileA, DeleteFileW, DeviceIoControl, DosDateTimeToFileTime, DuplicateHandle, EndUpdateResourceA, EnterCriticalSection, EnumCalendarInfoA, EnumResourceLanguagesA, EnumResourceNamesA, EnumResourceTypesA, ExitProcess, ExitThread, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FindResourceExA, FlushInstructionCache, FormatMessageA, FreeEnvironmentStringsA, FreeLibrary, FreeResource, GetACP, GetCommandLineA, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetEnvironmentStringsA, GetExitCodeProcess, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileSize, GetFileTime, GetFileType, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetProcessAffinityMask, GetProcessHeap, GetProcessWorkingSetSize, GetStartupInfoA, GetStdHandle, GetSystemInfo, GetTempPathA, GetThreadLocale, GetThreadPriority, GetTickCount, GetUserDefaultLCID, GetVersionExA, GetWindowsDirectoryA, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalLock, GlobalMemoryStatus, GlobalReAlloc, GlobalSize, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LocalAlloc, LocalFileTimeToFileTime, LocalFree, LockResource, MapViewOfFile, MoveFileA, MoveFileW, MulDiv, MultiByteToWideChar, OpenFileMappingA, OpenProcess, OutputDebugStringA, PeekNamedPipe, ReadFile, ReadProcessMemory, RemoveDirectoryA, RemoveDirectoryW, ResetEvent, ResumeThread, SetCurrentDirectoryA, SetCurrentDirectoryW, SetEndOfFile, SetErrorMode, SetEvent, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, SetProcessAffinityMask, SetProcessWorkingSetSize, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SuspendThread, TerminateThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnmapViewOfFile, UpdateResourceA, VirtualAlloc, VirtualFree, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte, WriteFile, WriteProcessMemory, DllMain
lua5.1-32.dll
luaL_loadfile, luaL_loadstring, luaL_newstate, luaL_openlibs, luaL_ref, luaL_unref, lua_atpanic, lua_call, lua_close, lua_createtable, lua_error, lua_getfield, lua_gettable, lua_gettop, lua_isnumber, lua_isstring, lua_pcall, lua_pushboolean, lua_pushcclosure, lua_pushinteger, lua_pushlightuserdata, lua_pushlstring, lua_pushnumber, lua_pushvalue, lua_rawgeti, lua_setfield, lua_settable, lua_settop, lua_toboolean, lua_tointeger, lua_tolstring, lua_tonumber, lua_touserdata, lua_type, lua_isuserdata, lua_newthread, lua_objlen, lua_pushnil
ole32.dll
CLSIDFromProgID, CoCreateGuid, CoCreateInstance, CoFreeUnusedLibraries, CoInitialize, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, GetErrorInfo, OleInitialize, OleUninitialize
oleaut32.dll
SafeArrayAccessData, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayRedim, SafeArrayUnaccessData, SysAllocStringLen, SysFreeString, SysReAllocStringLen, VariantChangeTypeEx, VariantClear, VariantCopy, VariantInit
shell32.dll
DragAcceptFiles, DragFinish, DragQueryFileA, DragQueryFileW, ExtractIconA, SHBrowseForFolder, SHBrowseForFolderW, SHGetMalloc, SHGetPathFromIDList, SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteA
user32.dll
DllMain
version.dll
GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
ws2_32.dll
WSACleanup, WSAStartup, bind, closesocket, connect, recv, recvfrom, send, sendto, setsockopt, socket
wsock32.dll
WSAStartup, gethostbyaddr, gethostbyname

cheatengine-i386.exe

By Cheat Engine

Remove cheatengine-i386.exe
Version:   6.1.0.1561
MD5:   ab9983b19ae94f47cc870e1914955370
SHA1:   42641e6015220db5095b28606c82c003e2db097b
SHA256:   ce481709c585d0efeebabce7da99ed338d0faa80556eac6fd150fd44ed1f0b48
Warning 3 antivirus scanners has detected malware.

Overview

cheatengine-i386.exe is malware that executes as a process with the local user's privileges. This is typically installed with the program Cheat Engine 6.1 published by Dark Byte.

DetailsDetails

File name:cheatengine-i386.exe
Publisher:Cheat Engine
Description:Cheat Engine
Typical file path:C:\Program Files\cheat engine 6.1\cheatengine-i386.exe
File version:6.1.0.1561
Product version:6.1
Size:6 MB (6,290,884 bytes)
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Cheat Engine
 Dark Byte
5% remove
Cheat Engine, commonly abbreviated as CE, is an open source memory scanner/hex editor/debugger created by Eric Heijnen ("Dark Byte") for the Windows operating system. Cheat Engine is mostly used for cheating in computer games, and is sometimes modified and recompiled to evade detection. Cheat Engine can view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition....

MalwareMalware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engineEngine versionDetection
ESET NOD32 7.9381 a variant of Win32/HackTool.CheatEngine.AB
Norman 7.03.02 Obfuscated_I
ViRobot 2011.4.7.4223 JS.A.Pakes.6290884

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00221587%
0.028634%
Kernel CPU:0.00098417%
0.013761%
User CPU:0.00123170%
0.014873%
Kernel CPU time:1,498 ms/min
100,923,805ms/min
Memory
Private memory:70.58 MB
21.59 MB
Private (maximum):71.89 MB
Private (minimum):69.04 MB
Non-paged memory:70.58 MB
21.59 MB
Virtual memory:225.4 MB
140.96 MB
Virtual memory (peak):293.81 MB
169.69 MB
Working set:69.04 MB
18.61 MB
Working set (peak):71.92 MB
37.95 MB
Resource allocations
Threads:3
12
Handles:136
600
GUI GDI count:176
103
GUI GDI peak:195
142
GUI USER count:112
49
GUI USER peak:126
71

BehaviorsProcess properties

Integrety level:High
Platform:32-bit
Command line:"C:\Program Files\cheat engine 6.1\cheatengine-i386.exe"
Owner:User

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 100.00%

Distribution by countryDistribution by country

Indonesia installs about 50.00% of cheatengine-i386.exe.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 50.00%
Lenovo 50.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE