PlayRDR2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PlayRDR2.exe
Size

391KB
MD5

b37fafba0ac90383f641ad8c532d48c5
SHA1

5002704da76b88200c677a543294a850285651e4
SHA256

bad73c2fc3a5de06a6d780602c204db8286103532977dbdab30ee8ca0c42dd71
SHA512

05cec5b914b1f7777333f2e28a9422ca5777933bb8f36d4a249d7d41e53b4c63cb475acbd43f0d067d32e98f72015fcba6af36134d0c1f311f11571f728f4cb9
SSDEEP

6144://gMJ5TYWCchCcAN3I2zfVo2gRN0lxqBUb5NBxhWFEc/1zx://pJ5TYWbh/ANzdcS0Y5N

Score

N/A

Malware Config

Signatures

Files

PlayRDR2.exe
.exe windows x64

d4ffe4cbb89709e1853a5e613732c5c0

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

17/02/2023, 12:00

Subject

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:26:23:2b:e3:12:c1:b4:e4:6a:6a:c6:23:c5:62:22:78:b5:4e:43
Signer

Actual PE Digest

e8:26:23:2b:e3:12:c1:b4:e4:6a:6a:c6:23:c5:62:22:78:b5:4e:43

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

14/05/2020, 15:51
Valid: true

Chain 1

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetEnvironmentVariableW
WaitForSingleObject
CloseHandle
VerSetConditionMask
GetCommandLineW
GetExitCodeProcess
DeleteFileW
GetFileSizeEx
SetFilePointer
WriteFile
OutputDebugStringW
VerifyVersionInfoW
GetModuleHandleW
GetLastError
SetLastError
CreateEventW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
UnregisterWaitEx
FormatMessageA
MoveFileW
RegisterWaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
ReleaseMutex
CreateMutexW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW

user32

MessageBoxW
LoadStringW
MessageBoxIndirectW

advapi32

RegGetValueW

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHGetKnownFolderPath

msvcp140

?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

shlwapi

PathFindFileNameW

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

vcruntime140

_CxxThrowException
__std_exception_copy
__std_terminate
wcsstr
memcpy
__C_specific_handler
__CxxFrameHandler3
memmove
memset
_purecall
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_initialize_wide_environment
_configure_wide_argv
exit
_exit
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_cexit
_get_wide_winmain_command_line

api-ms-win-crt-stdio-l1-1-0

setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
ungetwc
fputwc
fgetwc
__p__commode
_set_fmode
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
ungetc

api-ms-win-crt-string-l1-1-0

tolower
_wcsicmp
strcpy_s
toupper
towlower
towupper

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ole32

CoTaskMemFree

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4ffe4cbb89709e1853a5e613732c5c0

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3dCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e8:26:23:2b:e3:12:c1:b4:e4:6a:6a:c6:23:c5:62:22:78:b5:4e:43Signer

Signature Validations

Verification

14/05/2020, 15:51 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

shlwapi

version

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ole32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 302KB - Virtual size: 302KB

.reloc Size: 512B - Virtual size: 344B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e8:26:23:2b:e3:12:c1:b4:e4:6a:6a:c6:23:c5:62:22:78:b5:4e:43
Signer

14/05/2020, 15:51
Valid: true

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 302KB - Virtual size: 302KB

.reloc
Size: 512B - Virtual size: 344B