RockstarService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RockstarService.exe
Size

1.9MB
MD5

6f9ea3e4de56fc7f5898bfe15589f931
SHA1

fca2a3393cedb7de49c6abad69f2acc7354dfd66
SHA256

aeec8dcf4f2de8c16d72eef4f07b1857e3ac73c7c78f510fb3474cd8afb740b5
SHA512

2e335da8a87378b41143ae47351e9197cbbb6ad72615e3a3056a94acb988987fb604432520d664fd22449bf640e7dc1eff9c31e08784287944cc7ca40584d2b7
SSDEEP

49152:h5GjXAtGM1wyaOWHYRyOU+tits0yg1gb+OP8:HMaNzmHYbKsdgib+h

Score

1^/10

Malware Config

Signatures

Files

RockstarService.exe
.exe windows:6 windows x64 arch:x64

5ded821259fa82fc7798ba0bebeb665e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

17/02/2023, 12:00

Subject

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:b7:b2:28:c8:6d:86:6e:b2:0c:4d:d6:d7:d6:be:f4:d9:0d:7a:e6
Signer

Actual PE Digest

f7:b7:b2:28:c8:6d:86:6e:b2:0c:4d:d6:d7:d6:be:f4:d9:0d:7a:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
DeleteFileW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
WriteFile
CloseHandle
GetLastError
SetLastError
GetOverlappedResult
QueueUserWorkItem
CopyFileExW
MoveFileWithProgressW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
LocalFree
SetEvent
CreateEventW
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
GetCurrentProcess
FormatMessageA
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
GetTempPathW
ReleaseMutex
CreateMutexW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetDllDirectoryW
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
OpenProcess
GetNamedPipeClientProcessId
K32GetModuleFileNameExW
IsDebuggerPresent
OutputDebugStringW
GetLocalTime
GetFileSizeEx
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
MoveFileW
QueryPerformanceCounter
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
K32EnumProcesses
K32GetProcessImageFileNameA
LoadLibraryA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler

shell32

SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteExW

ole32

CoTaskMemFree

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ded821259fa82fc7798ba0bebeb665e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3dCertificate

Extended Key Usages

Key Usages

f7:b7:b2:28:c8:6d:86:6e:b2:0c:4d:d6:d7:d6:be:f4:d9:0d:7a:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

Sections

.text Size: 332KB - Virtual size: 332KB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 12KB - Virtual size: 83KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 299KB - Virtual size: 299KB

.reloc Size: 4KB - Virtual size: 4KB

.text Size: 1.1MB - Virtual size: 1.1MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

f7:b7:b2:28:c8:6d:86:6e:b2:0c:4d:d6:d7:d6:be:f4:d9:0d:7a:e6
Signer

.text
Size: 332KB - Virtual size: 332KB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 12KB - Virtual size: 83KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 299KB - Virtual size: 299KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB