Kmоd menu gta5[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Kmоd menu gta5.rar
Size

25.8MB
MD5

63eae6e8372538d0bd7668c75f4e88b1
SHA1

ef3a0ad5fde7022477e5ef7348a7c89d5d6396ca
SHA256

18858e213307d5dc450075fc6f954ce5a8308e6a75a88ac4f55c1a59c742e267
SHA512

d4776edf97a64db08356c21c52eb69edbd1022ec08bdfba771d580a66f035ee92634752f5f51368b5d4471a58ecff50755fd610a849ad072309af801abbe6511
SSDEEP

393216:uXCWWUbQW/g7eATeauscD91SDRXXHMwBIkbfpIbXpIBup3hoeNHMjn:eCwbFJKVa91+XXHMwBIw65IU3qeNm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/mоd menu gta 5/V2/modest-menu.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mоd menu gta 5/V2/modest-menu.exe
unpack001/mоd menu gta 5/modest-menu.exe
unpack001/mоd menu gta 5/scriрts/binkawin.asi

Files

Kmоd menu gta5.rar
.rar

Password: 2023
mоd menu gta 5/Readme.txt
mоd menu gta 5/V2/config.json
mоd menu gta 5/V2/modest-menu.exe
.exe windows:6 windows x64 arch:x64

Password: 2023

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 958KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 74KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 20.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
mоd menu gta 5/V2/scripts/0jdnnqdx0h.txt
.js
mоd menu gta 5/V2/scripts/Readme.api
mоd menu gta 5/V2/scripts/demo.lua
mоd menu gta 5/V2/scripts/sirius.lua.example
mоd menu gta 5/V2/scripts/vehicle.lua
mоd menu gta 5/V2/scripts/weapon.lua
mоd menu gta 5/V2/themes.json
mоd menu gta 5/config.json
mоd menu gta 5/modest-menu.exe
.exe windows:4 windows x86 arch:x86

Password: 2023

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mоd menu gta 5/scriрts/Readme.api
mоd menu gta 5/scriрts/binkawin.asi
.dll windows:5 windows x86 arch:x86

Password: 2023

eb47f3eba69cd506a684fe741aa6a115

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetCursorPos
MessageBoxA

kernel32

DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
GetTickCount

Exports

Exports

_RIB_Main@20

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK_acd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK_fft
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKDATA
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BINKDATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mоd menu gta 5/scriрts/boo.jsonlz4
mоd menu gta 5/scriрts/demo.lua
mоd menu gta 5/scriрts/menu.lua
mоd menu gta 5/scriрts/qt_cs.qm
mоd menu gta 5/scriрts/qtiff.dll
.dll windows:6 windows x86 arch:x86

Password: 2023

c82aefc4c1a131f898f9d67fa8a9d63d

Code Sign

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

08/09/2024, 23:59

Subject

CN=Artem Shevchenko,O=Artem Shevchenko,POSTALCODE=04050,STREET=Melnikova st. 15\, 5 apt.,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:ce:61:bf:36:60:e4:ab:d6:6d:bb:71:d6:f7:ca:13:e6:e1:3e:db
Signer

Actual PE Digest

bb:ce:61:bf:36:60:e4:ab:d6:6d:bb:71:d6:f7:ca:13:e6:e1:3e:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5gui

?nextImageDelay@QImageIOHandler@@UBEHXZ
?loopCount@QImageIOHandler@@UBEHXZ
?jumpToNextImage@QImageIOHandler@@UAE_NXZ
?jumpToImage@QImageIOHandler@@UAE_NH@Z
?imageCount@QImageIOHandler@@UBEHXZ
?currentImageRect@QImageIOHandler@@UBE?AVQRect@@XZ
?currentImageNumber@QImageIOHandler@@UBEHXZ
?setDotsPerMeterY@QImage@@QAEXH@Z
?setDotsPerMeterX@QImage@@QAEXH@Z
?dotsPerMeterY@QImage@@QBEHXZ
?dotsPerMeterX@QImage@@QBEHXZ
?hasAlphaChannel@QImage@@QBE_NXZ
?setColorTable@QImage@@QAEXV?$QVector@I@@@Z
?colorTable@QImage@@QBE?AV?$QVector@I@@XZ
?scanLine@QImage@@QBEPBEH@Z
?scanLine@QImage@@QAEPAEH@Z
?bits@QImage@@QAEPAEXZ
?size@QImage@@QBE?AVQSize@@XZ
?height@QImage@@QBEHXZ
?width@QImage@@QBEHXZ
?convertToFormat@QImage@@QBE?AV1@W4Format@1@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?format@QImage@@QBE?AW4Format@1@XZ
?copy@QImage@@QBE?AV1@ABVQRect@@@Z
?isNull@QImage@@QBE_NXZ
??4QImage@@QAEAAV0@$$QAV0@@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@ABVQSize@@W4Format@0@@Z
?logicalDpiY@QPaintDevice@@QBEHXZ
?logicalDpiX@QPaintDevice@@QBEHXZ
?setFormat@QImageIOHandler@@QBEXABVQByteArray@@@Z
?device@QImageIOHandler@@QBEPAVQIODevice@@XZ
??1QImageIOHandler@@UAE@XZ
??0QImageIOHandler@@QAE@XZ
?staticMetaObject@QImageIOPlugin@@2UQMetaObject@@B
??1QImageIOPlugin@@UAE@XZ
??0QImageIOPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QImageIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QImageIOPlugin@@UAEPAXPBD@Z
?setFormat@QImageIOHandler@@QAEXABVQByteArray@@@Z
?setDevice@QImageIOHandler@@QAEXPAVQIODevice@@@Z

qt5core

?toInt@QVariant@@QBEHPA_N@Z
?shared_null@QArrayData@@2QBU1@B
z_deflate
z_deflateEnd
z_inflate
z_inflateEnd
z_deflateReset
z_deflateParams
z_inflateSync
z_inflateReset
z_deflateInit_
z_inflateInit_
?type@QVariant@@QBE?AW4Type@1@XZ
??0QVariant@@QAE@ABVQSize@@@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@XZ
?peek@QIODevice@@QAE?AVQByteArray@@_J@Z
?write@QIODevice@@QAE_JPBD_J@Z
?read@QIODevice@@QAE_JPAD_J@Z
?fromRawData@QByteArray@@SA?AV1@PBDH@Z
?constData@QByteArray@@QBEPBDXZ
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@PBDH@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
??0QMessageLogger@@QAE@PBDH0@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?isWritable@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isOpen@QIODevice@@QBE_NXZ
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?warning@QMessageLogger@@QBAXPBDZZ

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ

msvcr120

_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_except1
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler4_common
_unlock
_lock
__iob_func
realloc
_vscprintf
_vsnprintf_s
_libm_sse2_sqrt_precise
_libm_sse2_log_precise
_libm_sse2_exp_precise
_CIatan2
rand
fprintf
qsort
bsearch
sprintf
strncmp
floor
_libm_sse2_pow_precise
memset
malloc
vfprintf
free
memcpy
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
_calloc_crt

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mоd menu gta 5/scriрts/remote_settings.ini
mоd menu gta 5/scriрts/sirius.lua.example
mоd menu gta 5/scriрts/vehicle.lua
mоd menu gta 5/scriрts/weapon.lua

Sharing

General

Malware Config

Signatures

Files

Password: 2023

Password: 2023

Headers

DLL Characteristics

File Characteristics

Sections

Size: 958KB - Virtual size: 1.8MB

Size: 74KB - Virtual size: 173KB

Size: 512B - Virtual size: 17KB

Size: 23KB - Virtual size: 34KB

Size: 1KB - Virtual size: 7KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 34KB - Virtual size: 34KB

.themida Size: - Virtual size: 20.9MB

.boot Size: 13.2MB - Virtual size: 13.2MB

Password: 2023

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11.4MB - Virtual size: 11.4MB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 12B

Password: 2023

eb47f3eba69cd506a684fe741aa6a115

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

BINK_acd Size: 4KB - Virtual size: 4KB

BINK_fft Size: 24KB - Virtual size: 23KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 336B

BINKDATA Size: 1024B - Virtual size: 600B

BINKCONS Size: 512B - Virtual size: 4B

BINKDATA Size: 10KB - Virtual size: 10KB

.reloc Size: 1024B - Virtual size: 714B

Password: 2023

c82aefc4c1a131f898f9d67fa8a9d63d

Code Sign

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

bb:ce:61:bf:36:60:e4:ab:d6:6d:bb:71:d6:f7:ca:13:e6:e1:3e:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

qt5gui

qt5core

msvcp120

msvcr120

kernel32

Exports

Exports

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 34KB - Virtual size: 34KB

.themida
Size: - Virtual size: 20.9MB

.boot
Size: 13.2MB - Virtual size: 13.2MB

.text
Size: 11.4MB - Virtual size: 11.4MB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 10KB

BINK_acd
Size: 4KB - Virtual size: 4KB

BINK_fft
Size: 24KB - Virtual size: 23KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 336B

BINKDATA
Size: 1024B - Virtual size: 600B

BINKCONS
Size: 512B - Virtual size: 4B

BINKDATA
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1024B - Virtual size: 714B

e4:12:82:66:79:32:d8:54:6f:96:d4:d4:62:32:c0:6f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

bb:ce:61:bf:36:60:e4:ab:d6:6d:bb:71:d6:f7:ca:13:e6:e1:3e:db
Signer

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 9KB - Virtual size: 10KB

.qtmetad
Size: 512B - Virtual size: 320B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 7KB - Virtual size: 7KB