GTA5[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

GTA5.exe
Size

47.5MB
MD5

0fc966acfb00c0068f94ef0c47b4e2f6
SHA1

4d968a0754d59d30b29cd7b01a06e4685a5fa49c
SHA256

eb0125ab36004ccdba7bfa918dee37035fb9e23448b850256fd6141ffe194466
SHA512

a10743d8e957bf6c320fc8ee4531a3b9388bdefdf05aa222a3fe90f2fa516aac61ca3ffc3e72acb2e2b854cd33ff4b87a27e28fc6e7b92ca88f46e0889f8ac9b
SSDEEP

786432:jgHr/JcDCt3YLr5wur+mkKQd1fmuZNbe1xKFWuCUNDHDvogPlam/3lABpOr:jgHrYLPip9d1fmuZNpFHvN3wEamPcwr

Score

1^/10

Malware Config

Signatures

Files

GTA5.exe
.exe windows:5 windows x64

Password: 1234

3320e9c3535ea5b10ea6bd719c10de9f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:88:c0:8f:56:6d:2b:1f:0c:19:4d:b1:f8:ca:c9:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-01-2023 00:00

Not After

20-01-2026 23:59

Subject

CN=Rockstar Games\, Inc.,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:26:49:63:e7:9a:e2:18:ee:02:54:70:99:23:0a:6e:d8:ee:f6:95
Signer

Actual PE Digest

d4:26:49:63:e7:9a:e2:18:ee:02:54:70:99:23:0a:6e:d8:ee:f6:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PeekNamedPipe
GetFileInformationByHandle
SetStdHandle
ReadConsoleW
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FlushFileBuffers
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
GetFileType
GetStdHandle
SetLastError
FindFirstFileExW
HeapReAlloc
GetFullPathNameW
GetModuleHandleExW
HeapSize
GetFullPathNameA
GetDriveTypeW
GetTimeZoneInformation
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
GetLocaleInfoW
ResetEvent
InitializeCriticalSection
GetFileTime
VerifyVersionInfoW
VerSetConditionMask
GetSystemTimeAsFileTime
CreateFileA
GetOverlappedResult
GetSystemDefaultUILanguage
VerifyVersionInfoA
OutputDebugStringA
SetThreadExecutionState
LocalFree
LocalAlloc
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
RemoveDirectoryW
GetTempPathW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
SetFileTime
SetFilePointerEx
SetEndOfFile
TerminateProcess
WerSetFlags
QueryPerformanceCounter
CreateDirectoryW
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
TerminateThread
GetProcessId
CreateProcessW
GetSystemDirectoryW
lstrcmpA
SetNamedPipeHandleState
GetModuleHandleW
LoadLibraryExW
CreateSemaphoreA
CreateMutexA
GetSystemInfo
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResumeThread
GetLastError
GetThreadPriority
SetThreadPriorityBoost
SetThreadPriority
GetThreadId
GetCurrentThreadId
GetCurrentThread
CreateThread
GetProcessAffinityMask
GetProcessHeap
TransactNamedPipe
GetConsoleWindow
GetModuleHandleA
HeapFree
HeapAlloc
OpenProcess
GetCurrentProcessId
ExitProcess
WriteFile
CloseHandle
GetModuleFileNameA
GetModuleFileNameW
GetCommandLineA
CreateFileW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetDiskFreeSpaceExA
DeleteFileW
GetFileSize
ReadFile
FindClose
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
GetFileAttributesW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WaitForMultipleObjects
GetDiskFreeSpaceExW
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
WaitForSingleObject
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetSystemFirmwareTable
SetHandleInformation
GetNativeSystemInfo
CreatePipe
LoadLibraryA
CreateProcessA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVolumeInformationA
QueryPerformanceFrequency
GetVersionExA
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDefaultLocaleName
GetFileSizeEx
GetWriteWatch
ResetWriteWatch
DeleteFileA
GetCurrentProcess
Sleep
SetFilePointer
CreateEventA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQueryEx
WaitNamedPipeW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery

user32

ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterRawInputDevices
GetRawInputData
ClientToScreen
GetCursorPos
SetCursorPos
ShowCursor
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
GetKeyState
GetDoubleClickTime
SendMessageW
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
DisplayConfigGetDeviceInfo
QueryDisplayConfig
EnumDisplaySettingsW
LockSetForegroundWindow
LoadCursorA
ClipCursor
AdjustWindowRectEx
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
CreateWindowExW
RegisterClassW
PostMessageA
PeekMessageW
DispatchMessageW
GetCursorInfo
GetMonitorInfoA
MonitorFromPoint
LoadIconA
GetParent
SetWindowLongPtrA
UpdateWindow
GetSystemMetrics
KillTimer
SetTimer
SetFocus
GetClientRect
GetWindowRect
AdjustWindowRect
GetWindowLongA
MessageBoxW
GetWindowLongPtrA
SystemParametersInfoA
GetDesktopWindow
DefWindowProcW
MessageBoxA
TranslateMessage
SetWindowPos

gfsdk_shadowlib.win64

?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@QEIAUNV_ShadowLib_Ctx@@QEIAUID3D11Device@@QEIAUID3D11DeviceContext@@PEAUgfsdk_new_delete_t@@@Z
?NV_ShadowLib_GetVersion@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@@Z
?NV_ShadowLib_DevModeToggleDebugEyeViewZShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_DevModeToggleDebugCascadeShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_ModulateBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAUID3D11RenderTargetView@@Ugfsdk_float3@@@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAPEAI@Z
?NV_ShadowLib_ClearBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI@Z
?NV_ShadowLib_RenderBufferUsingExternalMap@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_ExternalMapDesc@@PEAUID3D11ShaderResourceView@@PEAIPEAUNV_ShadowLib_BufferRenderParams@@@Z
?NV_ShadowLib_FinalizeBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAPEAUID3D11ShaderResourceView@@@Z
?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_BufferDesc@@PEAPEAI@Z

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW

dsound

ord9
ord8
ord1
ord3
ord6

bink2w64

BinkRequestStopAsyncThread
BinkWaitStopAsyncThread
BinkOpen
BinkSetMemory
BinkOpenDirectSound
BinkSetSoundSystem
BinkSetFrameRate
BinkGetFrameBuffersInfo
BinkRegisterFrameBuffers
BinkDoFrame
BinkNextFrame
BinkWait
BinkClose
BinkPause
BinkGoto
BinkGetKeyFrame
BinkSetVolume
BinkShouldSkip
BinkSetIO
BinkSetSoundTrack
BinkDoFrameAsyncWait
BinkDoFrameAsync
BinkStartAsyncThread

wininet

InternetCrackUrlW
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
InternetOpenW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModules

mf

MFCreateASFMediaSinkActivate
MFCreateASFProfile
MFCreateASFContentInfo
MFShutdownObject
MFCreatePresentationClock
MFGetService
MFCreateSourceResolver

mfplat

MFInitAMMediaTypeFromMFMediaType
MFCreateAttributes
MFShutdown
MFCreateMediaType
MFStartup
MFGetSystemTime
MFCreateSample
MFTEnum
MFCreateSystemTimeSource
MFCreateMemoryBuffer

msdmo

MoFreeMediaType

mfreadwrite

MFCreateSinkWriterFromURL
MFCreateSourceReaderFromMediaSource

propsys

PropVariantToUInt32
PropVariantToStringWithDefault
PSStringFromPropertyKey
PropVariantGetStringElem
PropVariantToInt64
PropVariantToUInt64

ws2_32

recv
listen
inet_addr
getsockname
ioctlsocket
connect
send
setsockopt
socket
gethostbyname
accept
ntohl
getnameinfo
WSAAddressToStringA
htonl
freeaddrinfo
closesocket
bind
getaddrinfo
shutdown
sendto
select
recvfrom
getsockopt
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
gethostname

crypt32

CryptQueryObject
CertFindCertificateInStore
CertGetNameStringA
CryptMsgGetParam

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent

d3dcompiler_43

D3DReflect

gfsdk_txaa_alpharesolve.win64

TxaaOpenDX
TxaaResolveDX

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetCompositionStringW

dinput8

DirectInput8Create

xinput1_3

ord2
ord3

bcrypt

BCryptSecretAgreement
BCryptDeriveKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroySecret
BCryptImportKeyPair
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptDestroyHash
BCryptGenRandom
BCryptSetProperty
BCryptFinalizeKeyPair

rpcrt4

UuidCreateSequential

iphlpapi

GetBestRoute
GetIpForwardTable2
GetIpAddrTable
FreeMibTable

shlwapi

SHStrDupW

gdi32

DeleteDC
CreateDCA
ExtEscape
GetDeviceCaps
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA

shell32

ShellExecuteA
ShellExecuteExA
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoLockObjectExternal

oleaut32

VariantInit
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 25.8MB - Virtual size: 25.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 14.6MB - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

3320e9c3535ea5b10ea6bd719c10de9f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0d:88:c0:8f:56:6d:2b:1f:0c:19:4d:b1:f8:ca:c9:a9Certificate

Extended Key Usages

Key Usages

d4:26:49:63:e7:9a:e2:18:ee:02:54:70:99:23:0a:6e:d8:ee:f6:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gfsdk_shadowlib.win64

version

dsound

bink2w64

wininet

winmm

psapi

mf

mfplat

msdmo

mfreadwrite

propsys

ws2_32

crypt32

wintrust

wtsapi32

d3d9

d3dcompiler_43

gfsdk_txaa_alpharesolve.win64

imm32

dinput8

xinput1_3

bcrypt

rpcrt4

iphlpapi

shlwapi

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 25.8MB - Virtual size: 25.8MB

BINK Size: 3KB - Virtual size: 3KB

BINKBSS Size: - Virtual size: 96B

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 2.0MB - Virtual size: 18.5MB

.pdata Size: 1.0MB - Virtual size: 1.0MB

.tls Size: 2KB - Virtual size: 2KB

BINKCONS Size: 512B - Virtual size: 512B

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 505KB - Virtual size: 505KB

.text Size: 14.6MB - Virtual size: 14.6MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0d:88:c0:8f:56:6d:2b:1f:0c:19:4d:b1:f8:ca:c9:a9
Certificate

d4:26:49:63:e7:9a:e2:18:ee:02:54:70:99:23:0a:6e:d8:ee:f6:95
Signer

.text
Size: 25.8MB - Virtual size: 25.8MB

BINK
Size: 3KB - Virtual size: 3KB

BINKBSS
Size: - Virtual size: 96B

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 2.0MB - Virtual size: 18.5MB

.pdata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 2KB - Virtual size: 2KB

BINKCONS
Size: 512B - Virtual size: 512B

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 505KB - Virtual size: 505KB

.text
Size: 14.6MB - Virtual size: 14.6MB