GTA5 Debug[.]exe

Resubmissions

29/12/2023, 19:49

231229-yjmhzahgg5 3

29/12/2023, 19:45

231229-ygnm9aeadq 3

Sharing

Copy URL Twitter E-mail

General

Target

GTA5 Debug.exe
Size

48.0MB
MD5

c44651977b906ea1e56b6e618881f389
SHA1

60a8c8681c163ec8562a0a46209701b6add8b91e
SHA256

fe1a53973c31254ad3c9b1524b95b3590ceac760eb856e84e678eafa2ea06904
SHA512

d2181f000c3033af72463a4fba039ccf5aaf414cbdf39aaba147f072a0074849142b4b9dacd4b7924a43e9e31aa73c63582ecbdccfe11db4ec9ab5850747cf58
SSDEEP

393216:6AgH4e3QROlJe6JQPWvB3EEI5TVWJFa62N5H9/V4NdfAixeqXu3u4ji5t6jonvaE:77Q91lyAm/5tAlw5MA+MSR1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GTA5 Debug.exe

Files

GTA5 Debug.exe
.exe windows:6 windows x64 arch:x64

f438b4910369bcd311c453d1821193fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
SetLastError
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
FindFirstFileExW
HeapReAlloc
HeapSize
GetFullPathNameA
GetDriveTypeW
GetTimeZoneInformation
AreFileApisANSI
GetModuleHandleExW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
DecodePointer
EncodePointer
ResetEvent
GetFileTime
VerifyVersionInfoW
VerSetConditionMask
InitializeCriticalSection
GetSystemTimeAsFileTime
CreateFileA
GetCurrentDirectoryW
LoadLibraryExW
GetOverlappedResult
GetModuleFileNameW
GetSystemDefaultUILanguage
VerifyVersionInfoA
LoadLibraryW
SetThreadExecutionState
WerSetFlags
QueryPerformanceCounter
SetEnvironmentVariableA
GetModuleHandleExA
CreateSemaphoreA
CreateMutexA
GetSystemInfo
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
ResumeThread
GetThreadPriority
SetThreadPriorityBoost
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
OutputDebugStringW
WriteConsoleW
GetExitCodeProcess
GetThreadId
GetCurrentThreadId
CreateThread
RaiseException
GetCommandLineA
GetLastError
ExitProcess
VirtualAlloc
OpenProcess
GetProcessAffinityMask
GetCurrentProcessId
GetModuleFileNameA
DeleteFileW
GetFileSize
WriteFile
ReadFile
FindClose
CloseHandle
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
CreateFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WaitForMultipleObjects
GetDiskFreeSpaceExW
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
FreeLibrary
GetProcAddress
WaitForSingleObject
LoadLibraryA
Sleep
OutputDebugStringA
GlobalMemoryStatusEx
CreateProcessA
GetComputerNameA
QueryPerformanceFrequency
GetVersionExA
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDefaultLocaleName
DeleteFileA
GetCurrentProcess
OpenFile
SetFilePointer
CreateEventA
TerminateProcess
GetCurrentThread
SetThreadPriority
GetStdHandle
SetEndOfFile
SetFilePointerEx
SetFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
GetTempPathW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesA
GetFileAttributesExW
MoveFileExW
SetConsoleTextAttribute
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
LocalFree
MulDiv
GetModuleHandleA
GetCurrentDirectoryA
FreeConsole
GetConsoleTitleA
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
HeapAlloc
HeapFree
GetProcessHeap

gfsdk_shadowlib.win64

?NV_ShadowLib_GetVersion@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@@Z
?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@QEIAUNV_ShadowLib_Ctx@@QEIAUID3D11Device@@QEIAUID3D11DeviceContext@@PEAUgfsdk_new_delete_t@@@Z
?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_BufferDesc@@PEAPEAI@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAPEAI@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

bink2w64

BinkClose
BinkWait
BinkNextFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkPause
BinkGetError
BinkWaitStopAsyncThread
BinkRequestStopAsyncThread
BinkStartAsyncThread
BinkGetSummary
BinkGetRealtime
BinkGoto
BinkSetVolume
BinkShouldSkip
BinkDoFrameAsync
BinkOpen
BinkSetMemory
BinkOpenDirectSound
BinkSetSoundSystem
BinkSetFrameRate
BinkSetIO
BinkDoFrameAsyncWait
BinkSetSoundTrack

dsound

ord3
ord1
ord8
ord9
ord6

ws2_32

shutdown
socket
gethostbyname
gethostname
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSAAddressToStringA
inet_ntoa
getnameinfo
send
select
recv
getsockopt
listen
htons
ntohs
__WSAFDIsSet
accept
bind
closesocket
inet_addr
htonl
getsockname
getpeername
connect
ioctlsocket
ntohl

comctl32

ord17

crypt32

CryptQueryObject
CryptMsgGetParam
CertGetNameStringA
CertFindCertificateInStore

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

dbghelp

SymFromAddr
SymSetOptions
SymGetLineFromAddr64
SymInitialize

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

psapi

GetPerformanceInfo
GetModuleInformation
GetModuleBaseNameA
EnumProcessModules

mf

MFGetService
MFCreateSourceResolver

mfplat

MFShutdown
MFCreateAttributes
MFGetSystemTime
MFCreateMediaType
MFStartup

mfreadwrite

MFCreateSourceReaderFromMediaSource

propsys

PropVariantToUInt64
PropVariantToUInt32
PropVariantGetStringElem
PropVariantToInt64
PropVariantToStringWithDefault
PSStringFromPropertyKey

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

d3dx11_43

D3DX11CompileFromMemory

d3dcompiler_43

D3DReflect

imm32

ImmSetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetConversionStatus
ImmGetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus

dinput8

DirectInput8Create

xinput1_3

ord2
ord3

rpcrt4

UuidCreateSequential

iphlpapi

GetIpAddrTable
GetBestRoute
GetIpForwardTable

user32

RegisterRawInputDevices
GetRawInputData
ClientToScreen
GetCursorPos
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
GetKeyState
GetDoubleClickTime
SendMessageW
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
LockSetForegroundWindow
ClipCursor
ReleaseDC
GetDC
GetForegroundWindow
GetCapture
CreateWindowExW
RegisterClassW
PostMessageA
PeekMessageW
DispatchMessageW
DefWindowProcW
GetCursorInfo
GetMonitorInfoA
MonitorFromPoint
WinHelpA
GetScrollInfo
SetScrollInfo
IsDialogMessageA
LoadStringA
DestroyIcon
LoadIconA
LoadCursorA
GetLastActivePopup
GetClassNameA
FindWindowA
GetParent
SetWindowLongPtrA
SetRect
FillRect
GetSysColor
MapWindowPoints
SetCursorPos
ShowCursor
GetClientRect
GetWindowRect
AdjustWindowRect
GetWindowLongA
MessageBoxW
GetWindowLongPtrA
SystemParametersInfoA
GetDesktopWindow
CharLowerBuffA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
WaitMessage
DefWindowProcA
PostQuitMessage
CallWindowProcA
RegisterClassA
UnregisterClassA
CreateWindowExA
IsWindow
DestroyWindow
ShowWindow
FlashWindowEx
MoveWindow
SetWindowPos
BringWindowToTop
CreateDialogIndirectParamA
GetDlgItem
CheckDlgButton
GetDialogBaseUnits
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetFocus
GetActiveWindow
GetFocus
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
EnableWindow
GetSystemMetrics
GetSystemMenu
EnableMenuItem
DrawIcon
DrawTextA
UpdateWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
SetScrollPos
GetScrollPos
SetWindowTextA
GetWindowTextA
AdjustWindowRectEx
MessageBoxA
MessageBeep

gdi32

GetStockObject
DeleteDC
SetTextColor
SetBkColor
SelectObject
GetTextExtentPoint32A
DeleteObject
GetDeviceCaps
CreateSolidBrush
CreateFontIndirectA
CreateDCA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryValueExW
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
CryptAcquireContextA
RegEnumKeyA
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHCreateDirectoryExA
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemFree
CLSIDFromString
PropVariantClear
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear

Sections

.text
Size: 33.6MB - Virtual size: 33.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.1MB - Virtual size: 24.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 701KB - Virtual size: 701KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f438b4910369bcd311c453d1821193fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gfsdk_shadowlib.win64

version

bink2w64

dsound

ws2_32

comctl32

crypt32

wintrust

dbghelp

winmm

psapi

mf

mfplat

mfreadwrite

propsys

wtsapi32

d3dx11_43

d3dcompiler_43

imm32

dinput8

xinput1_3

rpcrt4

iphlpapi

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 33.6MB - Virtual size: 33.6MB

BINK Size: 3KB - Virtual size: 2KB

BINKBSS Size: - Virtual size: 96B

.rdata Size: 9.4MB - Virtual size: 9.4MB

.data Size: 3.1MB - Virtual size: 24.1MB

.pdata Size: 1.2MB - Virtual size: 1.2MB

.tls Size: 7KB - Virtual size: 7KB

BINKCONS Size: 512B - Virtual size: 120B

.reloc Size: 701KB - Virtual size: 701KB

.text
Size: 33.6MB - Virtual size: 33.6MB

BINK
Size: 3KB - Virtual size: 2KB

BINKBSS
Size: - Virtual size: 96B

.rdata
Size: 9.4MB - Virtual size: 9.4MB

.data
Size: 3.1MB - Virtual size: 24.1MB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.tls
Size: 7KB - Virtual size: 7KB

BINKCONS
Size: 512B - Virtual size: 120B

.reloc
Size: 701KB - Virtual size: 701KB