GtaSaPortable - TheFenix010[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

GtaSaPortable - TheFenix010.rar
Size

531.9MB
MD5

c0d812cc8cf4c1b87d2929b3b8f41dbf
SHA1

08e4ae6356fb58208a7e9a8f1affcebe2bd1d853
SHA256

3e5803521fa43e70bf013c31af628ea15fada7695b29b02c0a1e06350ba95aad
SHA512

c887fd87c96fa3e0b6ce8c26a6483519b5bfa8bd54c80d3e3a05dda5a8b43f62630f7b1c018b133f6b44285eeb27fa1d5ec09d4a57514b7045e4507d423eddb4
SSDEEP

12582912:3WgUejtCF3+5tqrdgggtRRo7YOxV2R6kqOiG6EdCEHV2W:3vRtNsgfN8pHu0YhYM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/GtaSaPortable - TheFenix010/GTA San Andreas [Setup].exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GtaSaPortable - TheFenix010/DINPUT8.DLL
unpack001/GtaSaPortable - TheFenix010/GTA San Andreas [Setup].exe
unpack002/out.upx

Files

GtaSaPortable - TheFenix010.rar
.rar
GtaSaPortable - TheFenix010/DINPUT8.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

f00d8de45daf67aece783195324e61c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
ResetEvent
WideCharToMultiByte
SetEvent
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
lstrlenW
FreeLibraryAndExitThread
FreeLibrary
GetLastError
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventA
LoadLibraryA
GetTickCount
lstrcmpiA
ReadFileEx
DuplicateHandle
GetCurrentProcess
MultiByteToWideChar
GetVersion
Sleep
ReleaseMutex
WaitForSingleObject
MulDiv
DeviceIoControl
LocalAlloc
LocalReAlloc
SleepEx
ResumeThread
GetProcAddress
DisableThreadLibraryCalls
UnmapViewOfFile
IsBadCodePtr
CompareFileTime
lstrcpyA
lstrcmpA
lstrlenA
LeaveCriticalSection
SystemTimeToFileTime
GetLocalTime
lstrcmpW
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
CreateMutexA
LoadResource
FindResourceA
CreateProcessA
InitializeCriticalSection
GetCommandLineA
RtlUnwind
ExitProcess
TerminateProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
InterlockedIncrement
GetEnvironmentStringsW
WriteFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
EnterCriticalSection
ReadFile
GetSystemTimeAsFileTime
CreateFileA
CloseHandle
SetFilePointer
GetFileSize
GetFullPathNameA
GetModuleHandleA
GetModuleFileNameA
InterlockedDecrement
InterlockedExchange
LocalFree
lstrcpyW
WriteFileEx
GetEnvironmentStrings

advapi32

RegCreateKeyExA
GetUserNameA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

user32

ShowCursor
wsprintfA
CharUpperA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetForegroundWindow
GetWindowLongA
CallNextHookEx
SetWindowsHookExA
PostThreadMessageA
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
GetInputState
SystemParametersInfoA
IntersectRect
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
ReleaseCapture
SetCursorPos
mouse_event
GetAsyncKeyState
SetCapture
ClipCursor
PostMessageA
GetMessageTime
SendNotifyMessageA
GetCursorPos
GetSystemMetrics
MapVirtualKeyA
LoadStringA
keybd_event
GetKeyboardType
IsRectEmpty
SubtractRect
SendMessageA
RegisterWindowMessageA
FindWindowA
SetWindowLongA
DefWindowProcA
GetPropA
SetPropA
RemovePropA
CallWindowProcA
IsWindow
ToAsciiEx
MapVirtualKeyExA
GetKeyboardLayout
GetActiveWindow
GetKeyNameTextA
GetKeyNameTextW

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GtaSaPortable - TheFenix010/GTA San Andreas [Setup].exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GtaSaPortable - TheFenix010/Importante leer!! - TheFenix010.txt
GtaSaPortable - TheFenix010/TheFenix010.url

Sharing

General

Malware Config

Signatures

Files

f00d8de45daf67aece783195324e61c3

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 140KB

.data Size: 12KB - Virtual size: 47KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 128KB

UPX1 Size: 65KB - Virtual size: 68KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 13KB - Virtual size: 40KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 144KB - Virtual size: 140KB

.data
Size: 12KB - Virtual size: 47KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 128KB

UPX1
Size: 65KB - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 5KB