Static task: static1
Behavioral task: behavioral1
Sample: GTA5-Dump.exe
Resource: win10v2004-20240802-en
General
Target: GTADump_[unknowncheats.me]_.zip
Size: 28.2MB
MD5: 33dd110be0c002cf8ad409fe05d8b8fe
SHA1: b76c869567f76df53c1f69e522fab1e8117cad7a
SHA256: cc3c31857f5ee7faf515042c1c0ee79a0552b2cf587481cda57fb64f295a1432
SHA512: dae7972cc623a8643278d1acb6f9a9dd001e42abd34bd5374ce7c8fb7d39e285d9345cc4b2d96f97cb5d107ee50f2291aad7fc50afe2dcb4c6897c6498b3c147
SSDEEP: 786432:JJRknibL87/a+QcQvJd/VBMaQnxscf00sCVnZplt1M:JvUiH8O+y/2Fi4nZpDG
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource unpack001/GTA5-Dump.exe
Files
GTADump_[unknowncheats.me]_.zip (.zip)
GTA5-Dump.exe (.exe) windows:5 windows x64 arch:x64
83082d726af61aa8c3daf98f64d8f7ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileInformationByHandle
ReadConsoleW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
PeekNamedPipe
GetEnvironmentStringsW
GetStartupInfoW
GetFileType
GetModuleFileNameW
GetStdHandle
SetLastError
LoadLibraryExW
FindFirstFileExW
AreFileApisANSI
GetFullPathNameW
HeapSize
GetFullPathNameA
GetDriveTypeW
GetTimeZoneInformation
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
ResetEvent
GetSystemTimeAsFileTime
GetFileTime
VerifyVersionInfoW
VerSetConditionMask
GetThreadContext
InitializeCriticalSection
LoadLibraryExA
GetOverlappedResult
LocalFree
LocalAlloc
GetSystemDefaultUILanguage
VerifyVersionInfoA
OutputDebugStringA
SetThreadExecutionState
WerSetFlags
QueryPerformanceCounter
CreateSemaphoreA
CreateMutexA
GetSystemInfo
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
LoadLibraryW
GetStringTypeW
GetDateFormatW
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResumeThread
GetThreadPriority
SetThreadPriorityBoost
SetThreadPriority
GetThreadId
GetConsoleWindow
GetTimeFormatW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CreateProcessW
GetSystemDirectoryW
lstrcmpA
GetModuleHandleExW
FreeEnvironmentStringsW
GetModuleHandleA
GetCurrentThreadId
GetCurrentThread
CreateThread
GetProcessAffinityMask
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetCurrentProcessId
ExitProcess
CloseHandle
GetModuleFileNameA
GetCommandLineA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetDiskFreeSpaceExA
DeleteFileW
GetFileSize
WriteFile
ReadFile
FindClose
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
CreateFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WaitForMultipleObjects
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
WaitForSingleObject
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetSystemFirmwareTable
SetHandleInformation
GetNativeSystemInfo
CreatePipe
LoadLibraryA
CreateProcessA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVolumeInformationA
QueryPerformanceFrequency
GetVersionExA
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDefaultLocaleName
DeleteFileA
Sleep
SetFilePointer
CreateEventA
GetCurrentProcess
TerminateProcess
GetLastError
SetEndOfFile
SetFilePointerEx
SetFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempPathA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
SetFileAttributesW
GetFileAttributesExW
MoveFileExW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQueryEx
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery
user32
DispatchMessageW
ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
RegisterRawInputDevices
GetRawInputData
ClientToScreen
GetCursorPos
SetCursorPos
ShowCursor
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
GetKeyState
GetDoubleClickTime
SendMessageW
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
LockSetForegroundWindow
LoadIconA
LoadCursorA
GetParent
ClipCursor
GetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
CreateWindowExW
RegisterClassW
PostMessageA
PeekMessageW
TranslateMessage
GetCursorInfo
SetWindowLongPtrA
UpdateWindow
SetWindowPos
GetDesktopWindow
SystemParametersInfoA
GetWindowLongPtrA
GetClientRect
GetWindowRect
AdjustWindowRect
GetWindowLongA
MessageBoxW
steam_api64
SteamAPI_RestartAppIfNecessary
SteamAPI_Init
SteamUser
SteamUtils
SteamUserStats
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamApps
SteamAPI_RunCallbacks
SteamFriends
gfsdk_shadowlib.win64
?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_BufferDesc@@PEAPEAI@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAPEAI@Z
?NV_ShadowLib_ClearBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI@Z
?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@QEIAUNV_ShadowLib_Ctx@@QEIAUID3D11Device@@QEIAUID3D11DeviceContext@@PEAUgfsdk_new_delete_t@@@Z
?NV_ShadowLib_GetVersion@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@@Z
?NV_ShadowLib_DevModeToggleDebugEyeViewZShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_DevModeToggleDebugCascadeShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_RenderBufferUsingExternalMap@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_ExternalMapDesc@@PEAUID3D11ShaderResourceView@@PEAIPEAUNV_ShadowLib_BufferRenderParams@@@Z
?NV_ShadowLib_FinalizeBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAPEAUID3D11ShaderResourceView@@@Z
?NV_ShadowLib_ModulateBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAUID3D11RenderTargetView@@Ugfsdk_float3@@@Z
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
dsound
ord3
ord6
ord8
ord9
ord1
bink2w64
BinkSetIO
BinkDoFrameAsync
BinkShouldSkip
BinkSetFrameRate
BinkDoFrameAsyncWait
BinkSetSoundTrack
BinkSetSoundSystem
BinkStartAsyncThread
BinkRequestStopAsyncThread
BinkWaitStopAsyncThread
BinkOpen
BinkGetFrameBuffersInfo
BinkOpenDirectSound
BinkSetMemory
BinkSetVolume
BinkGetKeyFrame
BinkGoto
BinkPause
BinkClose
BinkWait
BinkNextFrame
BinkRegisterFrameBuffers
ws2_32
freeaddrinfo
getaddrinfo
shutdown
sendto
select
recvfrom
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
inet_addr
listen
recv
send
setsockopt
socket
gethostbyname
gethostname
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
psapi
EnumProcessModules
GetModuleFileNameExA
mf
MFCreateASFProfile
MFCreateSourceResolver
MFGetService
MFCreatePresentationClock
MFCreateASFMediaSinkActivate
MFCreateASFContentInfo
MFShutdownObject
mfplat
MFGetSystemTime
MFCreateSample
MFCreateAttributes
MFShutdown
MFCreateMediaType
MFStartup
MFTEnum
MFCreateSystemTimeSource
MFInitAMMediaTypeFromMFMediaType
MFCreateMemoryBuffer
msdmo
MoFreeMediaType
mfreadwrite
MFCreateSourceReaderFromMediaSource
MFCreateSinkWriterFromURL
propsys
PropVariantToUInt64
PropVariantToInt64
PropVariantGetStringElem
PSStringFromPropertyKey
PropVariantToStringWithDefault
crypt32
CryptQueryObject
CertFindCertificateInStore
CryptMsgGetParam
CertGetNameStringA
wintrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
d3d9
D3DPERF_EndEvent
D3DPERF_BeginEvent
d3dcompiler_43
D3DReflect
gfsdk_txaa_alpharesolve.win64
TxaaOpenDX
TxaaResolveDX
imm32
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetContext
dinput8
DirectInput8Create
xinput1_3
ord2
ord3
rpcrt4
UuidCreateSequential
shlwapi
SHStrDupW
gdi32
CreateDCA
DeleteDC
GetStockObject
ExtEscape
advapi32
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA
RegCloseKey
shell32
SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA
ShellExecuteW
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
PropVariantClear
CoLockObjectExternal
CoTaskMemFree
oleaut32
SysAllocStringByteLen
VariantInit
VariantClear
SysStringLen
SysFreeString
SysAllocString
Sections
.text Size: 23.1MB - Virtual size: 23.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BINK Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
BINKBSS Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16.0MB - Virtual size: 16.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 964KB - Virtual size: 968KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BINKCONS Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 183KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 854KB - Virtual size: 856KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 17.7MB - Virtual size: 17.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ