metasploit | GTAv6[.]exe | Triage

Sharing

General

Target

GTAv6.exe
Size

7KB
MD5

d49abbabce4ad7a1b981a8ab618f984f
SHA1

bbeb431d5266aab7756d8db1129b4becb4149d90
SHA256

b1c1eb1f36e5455661517714d93fc22431ab987fd3c5adb83486fdc419cae08b
SHA512

ecef3478230f3965aeebbd224bad613324c5c4e2bfa6171811cefa772d5f3f39611f4b62b544635e52b58b3ef3e80e4cd289c99e0fb4b9c38e3e2ea51ae68673
SSDEEP

24:eFGStrJ9u0/6LPRnZd0BQAVhnNptVv/6QpuTxy3KkK2UnrpzMHSpoapmB:is0mh0BQYPp4VYvB

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GTAv6.exe

Files

GTAv6.exe
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.izuz
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE