SHA256: 864338357ffce4568fce8bdf5a7260178e8264e4663b96e704489025f963516b
File name: 155407-lr300-gtasa.exe
Detection ratio: 0 / 57
Analysis date: 2015-03-10 13:29:51 UTC ( 2 years, 7 months ago )
Antivirus Result Update (the Result column is empty for every engine listed; none of the 57 reported a detection)
Ad-Aware 20150310
AegisLab 20150310
Yandex 20150309
AhnLab-V3 20150310
Alibaba 20150310
ALYac 20150310
Antiy-AVL 20150310
Avast 20150310
AVG 20150310
Avira (no cloud) 20150310
AVware 20150310
Baidu-International 20150310
BitDefender 20150310
Bkav 20150310
ByteHero 20150310
CAT-QuickHeal 20150310
ClamAV 20150310
CMC 20150304
Comodo 20150310
Cyren 20150310
DrWeb 20150310
Emsisoft 20150310
ESET-NOD32 20150310
F-Prot 20150310
F-Secure 20150310
Fortinet 20150310
GData 20150310
Ikarus 20150310
Jiangmin 20150310
K7AntiVirus 20150310
K7GW 20150310
Kaspersky 20150310
Kingsoft 20150310
Malwarebytes 20150310
McAfee 20150310
McAfee-GW-Edition 20150310
Microsoft 20150310
eScan 20150310
NANO-Antivirus 20150310
Norman 20150310
nProtect 20150310
Panda 20150310
Qihoo-360 20150310
Rising 20150310
Sophos AV 20150310
SUPERAntiSpyware 20150310
Symantec 20150310
Tencent 20150310
TheHacker 20150310
TotalDefense 20150309
TrendMicro 20150310
TrendMicro-HouseCall 20150310
VBA32 20150310
VIPRE 20150310
ViRobot 20150310
Zillya 20150310
Zoner 20150310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright www.GameModding.net
Product ModInstall
File version 3.1.0.0
Description ModInstall 3.0
Signature verification Signed file, verified signature
Signing date 2:24 PM 3/10/2015
Signers
[+] Game Modding
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 3/28/2014
Valid to 12:59 AM 3/29/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D26D864742B145F97ED2CF74EB576F74019D74DF
Serial number 3E 16 94 7B 50 77 C6 1E F3 CB C7 38 E5 55 88 F2
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
Counter signers
[+] GlobalSign TSA for MS Authenticode - G1
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 8/23/2013
Valid to 1:00 AM 9/23/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8CE69F5012E1D1A8FB395E2E31E2B42BDE3B343B
Serial number 11 21 40 5C 1F 0E D2 58 88 2B E5 4D 86 86 BA 11 EA 45
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-17 09:14:27
Entry Point 0x00001D74
Number of sections 9
PE sections
Overlays
MD5 a4f0b2e739ceccd92b75a78ef60c8915
File type data
Offset 3612160
Size 2572136
Entropy 7.01
PE imports
RegCreateKeyExW
RegCloseKey
RegRestoreKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptCreateHash
RegFlushKey
OpenProcessToken
RegConnectRegistryW
RegOpenKeyExW
RegReplaceKeyW
GetTokenInformation
CryptVerifySignatureW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
InitiateSystemShutdownW
RegLoadKeyW
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RegSaveKeyW
EqualSid
RegUnLoadKeyW
ImageList_Merge
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_SetImageCount
Ord(17)
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_DragMove
FlatSB_SetScrollProp
ImageList_Remove
ImageList_GetDragImage
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
ImageList_LoadImageW
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Create
ImageList_Read
ImageList_Copy
Ord(8)
ImageList_EndDrag
ChooseColorA
GetSaveFileNameW
GetOpenFileNameW
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
AngleArc
GetTextExtentPointW
CreatePalette
CreateDIBitmap
CreateEllipticRgnIndirect
GetEnhMetaFileBits
StretchBlt
StretchDIBits
ArcTo
Pie
Arc
ExtCreatePen
GetFontData
SetWinMetaFileBits
SetRectRgn
GetDIBColorTable
DeleteEnhMetaFile
TextOutW
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateRectRgnIndirect
LPtoDP
GetBitmapBits
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
FillRgn
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetBkColor
ExtSelectClipRgn
StartDocW
SetROP2
EndPage
GetNearestPaletteIndex
SetDIBColorTable
DeleteObject
CreatePenIndirect
SetGraphicsMode
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetWorldTransform
SetEnhMetaFileBits
GetSystemPaletteEntries
StartPage
GetObjectW
CreateDCW
RealizePalette
CreatePatternBrush
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
RoundRect
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetPixel
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
Polyline
GetDIBits
AbortDoc
Ellipse
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetPrivateProfileStructW
CreatePipe
GetCurrentProcess
GetDriveTypeW
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
GetLocaleInfoW
SetFileAttributesA
GetFileTime
IsDBCSLeadByteEx
GetCPInfo
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
WaitForSingleObject
SetStdHandle
WritePrivateProfileStructW
GetStringTypeW
ResumeThread
EnumDateFormatsW
GetExitCodeProcess
LocalFree
FormatMessageW
GetThreadPriority
GetTimeZoneInformation
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InitializeCriticalSection
CopyFileW
lstrcpynW
GetModuleFileNameW
TryEnterCriticalSection
Beep
IsDebuggerPresent
ExitProcess
lstrcpyW
SwitchToThread
GetModuleFileNameA
GetPriorityClass
InterlockedExchangeAdd
SetConsoleCtrlHandler
WritePrivateProfileSectionW
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
DeleteCriticalSection
GetExitCodeThread
CreateMutexW
MulDiv
ExitThread
SetPriorityClass
WaitForMultipleObjectsEx
TerminateProcess
GetVersion
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalFindAtomW
GlobalSize
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
GetPrivateProfileSectionW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetTimeFormatW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
WinExec
Process32NextW
VirtualFree
EnumTimeFormatsW
GetCPInfoExW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
UnhandledExceptionFilter
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
SizeofResource
TlsGetValue
GetLocalTime
GetCurrentDirectoryW
FindResourceW
CreateProcessW
Sleep
SetThreadPriority
VirtualAlloc
ResetEvent
GradientFill
TransparentBlt
AlphaBlend
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CLSIDFromProgID
RevokeDragDrop
IsEqualGUID
CoTaskMemFree
OleInitialize
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
SafeArrayPutElement
VariantInit
DragQueryFileW
SHBrowseForFolderW
DragAcceptFiles
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathA
DragQueryPoint
ShellExecuteExW
SHGetFileInfoW
ExtractIconW
Shell_NotifyIconW
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetMalloc
ShellExecuteA
DragFinish
SHGetFolderPathW
RedrawWindow
GetForegroundWindow
VkKeyScanExW
DrawTextW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetMessagePos
DrawStateW
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
CharUpperBuffA
WindowFromPoint
IntersectRect
PeekMessageA
CharUpperBuffW
SetMenuItemInfoW
SendMessageW
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetMenuStringW
DefFrameProcW
EndMenu
TranslateMessage
OpenClipboard
SendMessageA
UnregisterClassW
GetClassInfoW
SetWindowContextHelpId
DefWindowProcW
CharLowerBuffA
LoadImageW
SetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
MsgWaitForMultipleObjectsEx
GetClientRect
GetKeyboardState
keybd_event
GetActiveWindow
GetUpdateRgn
GetWindowTextW
EnumClipboardFormats
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetTopWindow
GetKeyState
GetMenuContextHelpId
DestroyWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
EqualRect
SetClassLongW
EnumWindows
GetMenuState
GetWindowContextHelpId
ShowWindow
DrawFrameControl
SetPropW
EnumDisplayMonitors
PeekMessageW
SetWindowsHookExW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
SetParent
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
SetClipboardData
GetMenuItemID
GetIconInfo
GetQueueStatus
RegisterClassW
ScrollWindow
IsZoomed
GetWindowPlacement
LoadStringW
SetWindowLongW
GetKeyboardLayoutList
DrawMenuBar
EnableMenuItem
InvertRect
DrawFocusRect
GetDCEx
GetKeyboardLayout
FillRect
EnumThreadWindows
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
ReleaseDC
GetWindowLongW
CharNextW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
ReleaseCapture
EmptyClipboard
BeginPaint
OffsetRect
DefMDIChildProcW
GetScrollPos
CopyIcon
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
SetTimer
SetMenuContextHelpId
CheckMenuRadioItem
GetClipboardData
LoadBitmapW
GetSystemMetrics
IsIconic
SetScrollRange
BroadcastSystemMessage
GetWindowRect
InflateRect
SetCapture
DrawIcon
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
ShowOwnedPopups
PostMessageW
InvalidateRect
WaitMessage
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
CreateMenu
RemovePropW
FindWindowW
ClientToScreen
CountClipboardFormats
GetMenuItemCount
AttachThreadInput
DestroyAcceleratorTable
GetDesktopWindow
IsDialogMessageW
LoadCursorW
GetSystemMenu
FindWindowExW
DispatchMessageW
InsertMenuW
SetForegroundWindow
ExitWindowsEx
SetFocus
GetMenuItemInfoW
GetAsyncKeyState
wvsprintfW
CharLowerBuffW
DrawTextExW
GetScrollInfo
HideCaret
CreateIconIndirect
GetCapture
ScreenToClient
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
MonitorFromRect
SetMenu
MoveWindow
LoadKeyboardLayoutW
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
TrackPopupMenu
GetSysColor
RegisterClipboardFormatW
SetScrollInfo
CopyImage
GetWindowRgn
DestroyIcon
IsWindowVisible
WinHelpW
SetCursorPos
SystemParametersInfoW
MonitorFromWindow
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
wsprintfA
CallWindowProcW
GetClassNameW
TranslateMDISysAccel
CreateIcon
ValidateRect
GetCursor
GetFocus
InsertMenuItemW
CloseClipboard
TranslateAcceleratorW
UnhookWindowsHookEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
timeKillEvent
timeSetEvent
timeGetTime
DocumentPropertiesW
OpenPrinterW
ClosePrinter
EnumPrintersW
Ord(203)
PE exports
Number of PE resources by type
RT_STRING 36
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 42
ENGLISH US 14
RUSSIAN 4
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.1.0.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Windows, Cyrillic
InitializedDataSize 911360
EntryPoint 0x1d74
MIMEType application/octet-stream
LegalCopyright www.GameModding.net
FileVersion 3.1.0.0
TimeStamp 2015:02:17 10:14:27+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription ModInstall 3.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName www.GameModding.net
CodeSize 2699264
ProductName ModInstall
ProductVersionNumber 3.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c3506b04b832428d5c6f1f1744e2840e
SHA1 cb43a99abccb226610013047a9d3f1ab8fd86d4a
SHA256 864338357ffce4568fce8bdf5a7260178e8264e4663b96e704489025f963516b
ssdeep 49152:bRmZZS8uxbh8lHC4avXrmI4rQcttCq1TFcs/TC7Z9kGouMSDTwiVIoZK4uoA/3hF:Fl8lHsy1p/TmJouQmwIapRlU7JJ8n
authentihash da56b2ab508e2e50b404aa5a1ce0f383444edb0f1741355fbbe4c6fbb7fc803e
imphash 3ca1822143d521837401028bf98e7665
File size 5.9 MB ( 6184296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (60.5%)
Win32 Executable (generic) (20.8%)
Generic Win/DOS Executable (9.2%)
DOS Executable Generic (9.2%)
VXD Driver (0.1%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-03-10 13:29:51 UTC ( 2 years, 7 months ago )
Last submission 2015-03-10 13:29:51 UTC ( 2 years, 7 months ago )
File names 155407-lr300-gtasa.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications