386a1be54758e5d14f68ad0766c7611444c9d5c3430af2c3f00ff4543f585a49

Sharing

Copy URL

Twitter E-mail

General

Target

386a1be54758e5d14f68ad0766c7611444c9d5c3430af2c3f00ff4543f585a49
Size

85.7MB
MD5

08b60632e9a312a08f804c6e2b1bb10f
SHA1

459051bc344d17982d9daa2d1a698c1d77f662f6
SHA256

386a1be54758e5d14f68ad0766c7611444c9d5c3430af2c3f00ff4543f585a49
SHA512

f02f162f6e7d96eeb9eca5df8f8f979d633c60ce992e296d1734a9f48d56c131fbf4dc2677607441c7ff2fcdae3e118d67e026ed3eb442bbb0de64d309c4b824
SSDEEP

786432:pLGLNWfahYRY3Cf9hgdzhsPj852TgHLjnqrwUO5o:EmWYG3Cf7gd1sPQ5Brjqrwv5o

Score

1^/10

Malware Config

Signatures

Files

386a1be54758e5d14f68ad0766c7611444c9d5c3430af2c3f00ff4543f585a49
.exe windows:6 windows x64 arch:x64

c3ab37042c9add426f1d508266b201e7

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-02-2020 00:00

Not After

17-02-2023 12:00

Subject

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a1:c3:0e:71:dd:46:59:c7:52:a4:62:8c:da:05:e6:b4:e7:e6:2d:ec
Signer

Actual PE Digest

a1:c3:0e:71:dd:46:59:c7:52:a4:62:8c:da:05:e6:b4:e7:e6:2d:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
GetVersionExW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
ReadConsoleW
FlushFileBuffers
HeapReAlloc
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
DeleteTimerQueueTimer
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetACP
FreeLibraryAndExitThread
GetModuleHandleExW
HeapSize
GetFullPathNameA
GetDriveTypeW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
SetConsoleTitleA
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GetConsoleWindow
GetModuleHandleA
WriteConsoleA
AllocConsole
GetFullPathNameW
CompareFileTime
lstrcmpA
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
GetUserDefaultLCID
GetFileSize
GetPhysicallyInstalledSystemMemory
TerminateProcess
GetSystemDirectoryW
OutputDebugStringW
FindFirstFileExW
DuplicateHandle
LoadLibraryW
WaitNamedPipeW
TransactNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
LockFileEx
UnlockFileEx
GetFileType
SleepEx
CreateProcessW
GetVersion
GetStdHandle
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetStringTypeW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
GetCPInfo
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
FormatMessageW
GetLocaleInfoW
InitializeCriticalSection
GetThreadContext
GetSystemTimeAsFileTime
GetOverlappedResult
CreateFileA
VerifyVersionInfoW
CreateEventExA
VerSetConditionMask
GetSystemDefaultUILanguage
GlobalAddAtomA
LocalFree
QueryPerformanceCounter
GetCommandLineW
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
K32EnumProcessModules
K32GetModuleFileNameExA
GetProcessHandleCount
DeleteFileW
QueryPerformanceFrequency
ExitProcess
FindClose
FindFirstFileExA
FindNextFileA
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
GetVersionExA
GetNativeSystemInfo
FreeLibrary
GetModuleFileNameA
LoadLibraryA
WideCharToMultiByte
LCIDToLocaleName
GetUserDefaultUILanguage
VirtualAlloc
VirtualProtect
GetProcAddress
VirtualQueryEx
ReadProcessMemory
GetWriteWatch
ResetWriteWatch
GetModuleHandleExA
GetDiskFreeSpaceExW
MultiByteToWideChar
CreateFileW
ReadFile
SetFilePointer
CreateEventA
Sleep
lstrcmpW
GetCommandLineA
CreateDirectoryW
FindFirstFileW
FindNextFileW
OutputDebugStringA
SetUnhandledExceptionFilter
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
SetThreadPriority
GetThreadPriority
ResumeThread
SetPriorityClass
GetSystemInfo
GetLocalTime
VirtualFree
GetModuleHandleW
LoadLibraryExW
GetProcessAffinityMask
SetThreadAffinityMask
CreateSemaphoreA
GetSystemDefaultLocaleName
WerRegisterFile
WerSetFlags
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
WriteFile
GetTempPathW
ResetEvent
MapViewOfFile
UnmapViewOfFile
FormatMessageA
CreateFileMappingA
MoveFileExW
MoveFileWithProgressW
FileTimeToSystemTime
LocalAlloc
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
K32EnumProcesses
K32GetProcessImageFileNameA
VirtualQuery

user32

SetWindowsHookExA
CallNextHookEx
CreateIconIndirect
ShowWindow
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetWindowThreadProcessId
UnhookWindowsHookEx
EnumDisplayDevicesA
EnumDisplaySettingsW
EnumDisplaySettingsA
ChangeDisplaySettingsExA
GetDesktopWindow
GetWindowLongA
AdjustWindowRectEx
AdjustWindowRect
SetActiveWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageA
RegisterRawInputDevices
GetRawInputData
LoadCursorA
EnumDisplayDevicesW
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
ShowCursor
SetPropA
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
keybd_event
VkKeyScanExW
GetKeyState
CharNextA
GetDoubleClickTime
PostMessageW
SendMessageW
GetMessageExtraInfo
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
GetCursorInfo
MonitorFromPoint
ClipCursor
MonitorFromWindow
MessageBoxW
SystemParametersInfoA
MessageBoxA
LoadStringW
TranslateMessage
DispatchMessageA
PeekMessageA
WaitMessage
DestroyWindow
SetWindowPos
SetFocus
GetSystemMetrics
UpdateWindow
SetForegroundWindow
SetWindowTextA
GetClientRect
GetWindowRect
SetRect
GetWindowLongPtrA
SetWindowLongPtrA
GetParent
LoadIconA
DestroyIcon

iphlpapi

GetBestRoute
GetIpForwardTable2
FreeMibTable
GetIpAddrTable

dsound

ord1
ord9
ord3
ord6
ord8

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

emp

EMP

mfplat

MFCreateMediaType
MFShutdown
MFCreateAttributes
MFStartup
MFCreateSourceResolver
MFGetSystemTime

mfreadwrite

MFCreateSourceReaderFromMediaSource

propsys

PropVariantGetStringElem
PropVariantToInt64

ws2_32

WSAGetLastError
getsockopt
recvfrom
sendto
shutdown
send
freeaddrinfo
htonl
WSAStartup
getnameinfo
ntohl
select
setsockopt
gethostname
gethostbyname
socket
WSACleanup
recv
ntohs
listen
inet_addr
htons
WSAAddressToStringA
getsockname
ioctlsocket
connect
closesocket
bind
accept
getaddrinfo
__WSAFDIsSet

comctl32

ord345

crypt32

CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertGetNameStringA

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

imm32

ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

dinput8

DirectInput8Create

xinput9_1_0

XInputSetState
XInputGetState

oo2core_5_win64

OodleLZ_GetDecodeBufferSize
OodleNetwork1UDP_StateCompacted_MaxSize
OodleNetwork1UDP_Decode
OodleNetwork1UDP_Encode
OodleNetwork1UDP_State_Size
OodleNetwork1_Shared_SetWindow
OodleNetwork1_CompressedBufferSizeNeeded
OodleNetwork1_Shared_Size
OodleNetwork1UDP_State_Uncompact
OodleLZ_Decompress
OodleLZ_GetCompressedBufferSizeNeeded
OodleLZDecoder_DecodeSome
OodleLZDecoder_Destroy
OodleLZDecoder_MemorySizeNeeded
OodleLZDecoder_Create

amd_ags_x64

agsInit

d3d9

Direct3DCreate9Ex

bcrypt

BCryptGenRandom
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptHashData
BCryptGenerateKeyPair
BCryptEncrypt
BCryptDecrypt
BCryptExportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptDestroyKey
BCryptDestroySecret
BCryptSecretAgreement
BCryptDeriveKey
BCryptCreateHash

rpcrt4

UuidCreateSequential

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

bink2w64

BinkStartAsyncThread
BinkSetSoundSystem
BinkSetWillLoop
BinkWait
BinkOpenDirectSound
BinkSetMemory
BinkWaitStopAsyncThreadsMulti
BinkRequestStopAsyncThreadsMulti
BinkDoFrameAsyncWait
BinkDoFrameAsyncMulti
BinkOpenWithOptions
BinkGetFrameBuffersInfo
BinkRegisterFrameBuffers
BinkSetOSFileCallbacks
BinkShouldSkip
BinkSetVolume
BinkGetPlatformInfo
BinkFreeGlobals
BinkGetKeyFrame
BinkGoto
BinkPause
BinkClose
BinkNextFrame

gdi32

CreateBitmap
GetStockObject
DeleteObject

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
CryptAcquireContextA
RegGetValueW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteA
SHGetKnownFolderPath
SHGetSpecialFolderPathA
ShellExecuteExW

ole32

PropVariantClear
CoInitialize
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocString

Exports

Exports

NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_EvaluateFeature_C
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NVSDK_NGX_VULKAN_AllocateParameters
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_DestroyParameters
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_EvaluateFeature_C
NVSDK_NGX_VULKAN_GetCapabilityParameters
NVSDK_NGX_VULKAN_GetParameters
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_RequiredExtensions
NVSDK_NGX_VULKAN_Shutdown

Sections

.text
Size: 51.2MB - Virtual size: 51.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5.4MB - Virtual size: 35.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 877KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 19.4MB - Virtual size: 19.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3ab37042c9add426f1d508266b201e7

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3dCertificate

Extended Key Usages

Key Usages

a1:c3:0e:71:dd:46:59:c7:52:a4:62:8c:da:05:e6:b4:e7:e6:2d:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

iphlpapi

dsound

winmm

emp

mfplat

mfreadwrite

propsys

ws2_32

comctl32

crypt32

wintrust

imm32

dinput8

xinput9_1_0

oo2core_5_win64

amd_ags_x64

d3d9

bcrypt

rpcrt4

version

bink2w64

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 51.2MB - Virtual size: 51.2MB

.rdata Size: 6.2MB - Virtual size: 6.2MB

.data Size: 5.4MB - Virtual size: 35.5MB

.pdata Size: 2.2MB - Virtual size: 2.2MB

_RDATA Size: 40KB - Virtual size: 40KB

CPADinfo Size: 512B - Virtual size: 512B

.rsrc Size: 390KB - Virtual size: 390KB

.reloc Size: 877KB - Virtual size: 877KB

.idata Size: 17KB - Virtual size: 17KB

.text Size: 19.4MB - Virtual size: 19.4MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

a1:c3:0e:71:dd:46:59:c7:52:a4:62:8c:da:05:e6:b4:e7:e6:2d:ec
Signer

.text
Size: 51.2MB - Virtual size: 51.2MB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 5.4MB - Virtual size: 35.5MB

.pdata
Size: 2.2MB - Virtual size: 2.2MB

_RDATA
Size: 40KB - Virtual size: 40KB

CPADinfo
Size: 512B - Virtual size: 512B

.rsrc
Size: 390KB - Virtual size: 390KB

.reloc
Size: 877KB - Virtual size: 877KB

.idata
Size: 17KB - Virtual size: 17KB

.text
Size: 19.4MB - Virtual size: 19.4MB