GTA5[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GTA5.exe
Size

58.4MB
MD5

a02246c25547e469e9c872c8c82b0c2d
SHA1

6442e03ef0cfa6fc4c6e59292abc3eaf2e634c00
SHA256

56d99f1e1e650ecb483df40e3a93ddfece774f06471784c006d0fc95b2f38982
SHA512

20f4d44b93f213cc866f340b850e47f0a6a3d3cc9ee627e43f6dca0942a631b6bc611eaea3add413dbd2bce0dac3cde79ca1687505474a7463887ef303b93066
SSDEEP

786432:5bPBroFQFyH0fuONWDFRwZYVEOOgHmcJ82RZXHwiIh7YfI1vh/xeGzFCovcrXj:FPH802SgRIYVEOOgGcPnwii7lpnv2T

Score

1^/10

Malware Config

Signatures

Files

GTA5.exe
.exe windows:5 windows x64

a4ba34fea6e09078b8bf50d802500c3d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

17/02/2023, 12:00

Subject

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:6d:5a:b8:2f:88:7c:86:6a:4d:6c:d5:76:d9:ab:96:41:6a:63:01
Signer

Actual PE Digest

58:6d:5a:b8:2f:88:7c:86:6a:4d:6c:d5:76:d9:ab:96:41:6a:63:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TlsFree
CreateSemaphoreW
ReadConsoleW
SetStdHandle
GetFileInformationByHandle
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FlushFileBuffers
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
GetFileType
GetStdHandle
SetLastError
FindFirstFileExW
HeapReAlloc
GetModuleHandleExW
HeapSize
GetFullPathNameA
GetDriveTypeW
GetTimeZoneInformation
PeekNamedPipe
RtlLookupFunctionEntry
RtlPcToFileHeader
DecodePointer
EncodePointer
GetLocaleInfoW
ResetEvent
InitializeCriticalSection
GetFileTime
VerifyVersionInfoW
VerSetConditionMask
CreateFileA
GetOverlappedResult
GetSystemDefaultUILanguage
VerifyVersionInfoA
OutputDebugStringA
SetThreadExecutionState
LocalFree
LocalAlloc
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
RemoveDirectoryW
GetTempPathW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
SetFileTime
SetFilePointerEx
SetEndOfFile
TerminateProcess
WerSetFlags
QueryPerformanceCounter
CreateDirectoryW
GetModuleHandleW
GetFullPathNameW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
LoadLibraryExW
CreateSemaphoreA
CreateMutexA
GetSystemInfo
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResumeThread
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
TerminateThread
GetProcessId
CreateProcessW
GetSystemDirectoryW
lstrcmpA
SetNamedPipeHandleState
GetLastError
GetThreadPriority
SetThreadPriorityBoost
SetThreadPriority
GetThreadId
GetCurrentThreadId
CreateThread
GetProcessAffinityMask
GetProcessHeap
HeapFree
HeapAlloc
VirtualQueryEx
VirtualProtect
VirtualFree
VirtualAlloc
CreateEventA
SetFilePointer
Sleep
DeleteFileA
GetModuleHandleExA
GetSystemTimeAsFileTime
GetThreadContext
GetCurrentThread
TransactNamedPipe
GetConsoleWindow
RtlUnwindEx
GetModuleHandleA
RaiseException
GetCurrentProcess
OpenProcess
GetCurrentProcessId
ExitProcess
WriteFile
CloseHandle
GetModuleFileNameA
GetModuleFileNameW
GetCommandLineA
CreateFileW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetDiskFreeSpaceExA
DeleteFileW
GetFileSize
ReadFile
FindClose
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
GetFileAttributesW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WaitForMultipleObjects
GetDiskFreeSpaceExW
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
WaitForSingleObject
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetSystemFirmwareTable
SetHandleInformation
GetNativeSystemInfo
CreatePipe
LoadLibraryA
CreateProcessA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVolumeInformationA
QueryPerformanceFrequency
GetVersionExA
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDefaultLocaleName
GetWriteWatch
ResetWriteWatch
WaitNamedPipeW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery

user32

GetSystemMetrics
ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterRawInputDevices
GetRawInputData
ClientToScreen
GetCursorPos
SetCursorPos
ShowCursor
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
GetKeyState
GetDoubleClickTime
SendMessageW
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
QueryDisplayConfig
EnumDisplaySettingsW
LockSetForegroundWindow
LoadCursorA
ClipCursor
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
CreateWindowExW
RegisterClassW
PostMessageA
PeekMessageW
DispatchMessageW
GetCursorInfo
GetMonitorInfoA
MonitorFromPoint
LoadIconA
GetParent
SetWindowLongPtrA
UpdateWindow
DefWindowProcW
KillTimer
SetTimer
SetFocus
SetWindowPos
GetClientRect
GetWindowRect
AdjustWindowRect
GetWindowLongA
MessageBoxW
GetWindowLongPtrA
SystemParametersInfoA
GetDesktopWindow
TranslateMessage

steam_api64

SteamAPI_RestartAppIfNecessary
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamInternal_CreateInterface
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_Init

gfsdk_shadowlib.win64

?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_BufferDesc@@PEAPEAI@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAPEAI@Z
?NV_ShadowLib_ClearBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI@Z
?NV_ShadowLib_RenderBufferUsingExternalMap@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_ExternalMapDesc@@PEAUID3D11ShaderResourceView@@PEAIPEAUNV_ShadowLib_BufferRenderParams@@@Z
?NV_ShadowLib_FinalizeBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAPEAUID3D11ShaderResourceView@@@Z
?NV_ShadowLib_ModulateBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAUID3D11RenderTargetView@@Ugfsdk_float3@@@Z
?NV_ShadowLib_DevModeToggleDebugCascadeShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_DevModeToggleDebugEyeViewZShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_GetVersion@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@@Z
?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@QEIAUNV_ShadowLib_Ctx@@QEIAUID3D11Device@@QEIAUID3D11DeviceContext@@PEAUgfsdk_new_delete_t@@@Z

ws2_32

accept
bind
getaddrinfo
connect
closesocket
WSAStartup
ntohl
getnameinfo
WSAAddressToStringA
htonl
socket
freeaddrinfo
gethostbyname
ntohs
shutdown
sendto
select
recvfrom
getsockopt
__WSAFDIsSet
WSAGetLastError
gethostname
setsockopt
send
recv
listen
inet_addr
getsockname
ioctlsocket
WSACleanup
htons

version

GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW

dsound

ord8
ord9
ord3
ord6
ord1

bink2w64

BinkGetKeyFrame
BinkGoto
BinkStartAsyncThread
BinkRequestStopAsyncThread
BinkWaitStopAsyncThread
BinkOpen
BinkGetFrameBuffersInfo
BinkRegisterFrameBuffers
BinkDoFrame
BinkNextFrame
BinkWait
BinkPause
BinkClose
BinkShouldSkip
BinkSetVolume
BinkSetMemory
BinkOpenDirectSound
BinkSetSoundSystem
BinkSetFrameRate
BinkSetIO
BinkSetSoundTrack
BinkDoFrameAsyncWait
BinkDoFrameAsync

wininet

InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
InternetSetOptionW
HttpOpenRequestW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

psapi

GetModuleFileNameExA
GetModuleInformation
GetModuleBaseNameA
EnumProcessModules

mf

MFCreateASFMediaSinkActivate
MFCreateASFProfile
MFCreateASFContentInfo
MFShutdownObject
MFCreatePresentationClock
MFGetService
MFCreateSourceResolver

mfplat

MFCreateSample
MFCreateMediaType
MFShutdown
MFCreateAttributes
MFCreateMemoryBuffer
MFGetSystemTime
MFTEnum
MFCreateSystemTimeSource
MFInitAMMediaTypeFromMFMediaType
MFStartup

msdmo

MoFreeMediaType

mfreadwrite

MFCreateSourceReaderFromMediaSource
MFCreateSinkWriterFromURL

propsys

PropVariantToInt64
PropVariantGetStringElem
PSStringFromPropertyKey
PropVariantToStringWithDefault
PropVariantToUInt32
PropVariantToUInt64

crypt32

CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringA

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent

d3dcompiler_43

D3DReflect

gfsdk_txaa_alpharesolve.win64

TxaaOpenDX
TxaaResolveDX

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus
ImmSetConversionStatus

dinput8

DirectInput8Create

xinput1_3

ord2
ord3

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDecrypt
BCryptExportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptGenerateKeyPair
BCryptCloseAlgorithmProvider
BCryptSecretAgreement
BCryptDeriveKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptSetProperty

rpcrt4

UuidCreateSequential

iphlpapi

GetIpAddrTable
GetBestRoute
GetIpForwardTable2
FreeMibTable

shlwapi

SHStrDupW

gdi32

GetDeviceCaps
GetStockObject
ExtEscape
CreateDCA
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA

shell32

ShellExecuteA
ShellExecuteExA
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree
PropVariantClear
CoLockObjectExternal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 25.6MB - Virtual size: 25.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 24.5MB - Virtual size: 24.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4ba34fea6e09078b8bf50d802500c3d

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3dCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

58:6d:5a:b8:2f:88:7c:86:6a:4d:6c:d5:76:d9:ab:96:41:6a:63:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

steam_api64

gfsdk_shadowlib.win64

ws2_32

version

dsound

bink2w64

wininet

winmm

psapi

mf

mfplat

msdmo

mfreadwrite

propsys

crypt32

wintrust

wtsapi32

d3d9

d3dcompiler_43

gfsdk_txaa_alpharesolve.win64

imm32

dinput8

xinput1_3

bcrypt

rpcrt4

iphlpapi

shlwapi

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 25.6MB - Virtual size: 25.6MB

BINK Size: 3KB - Virtual size: 3KB

BINKBSS Size: - Virtual size: 96B

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 2.3MB - Virtual size: 18.5MB

.pdata Size: 1.0MB - Virtual size: 1.0MB

.tls Size: 2KB - Virtual size: 2KB

BINKCONS Size: 512B - Virtual size: 512B

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 495KB - Virtual size: 495KB

.text Size: 24.5MB - Virtual size: 24.5MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

58:6d:5a:b8:2f:88:7c:86:6a:4d:6c:d5:76:d9:ab:96:41:6a:63:01
Signer

.text
Size: 25.6MB - Virtual size: 25.6MB

BINK
Size: 3KB - Virtual size: 3KB

BINKBSS
Size: - Virtual size: 96B

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 2.3MB - Virtual size: 18.5MB

.pdata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 2KB - Virtual size: 2KB

BINKCONS
Size: 512B - Virtual size: 512B

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 495KB - Virtual size: 495KB

.text
Size: 24.5MB - Virtual size: 24.5MB