gta_vc_playstore_v2.2.exe

GTA Vice City PlayStore v2.2

GTA PlayStore

The executable gta_vc_playstore_v2.2.exe (“GTA Vice City PlayStore”) has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from vicecity.en.gta.turbodisk.net.
Publisher:
GTA PlayStore

Product:
GTA Vice City PlayStore v2.2

Description:
GTA Vice City PlayStore

Version:
2.2

MD5:
688f5a333b7a1b79959e93487a670cc4

SHA-1:
4b2df640c09b5672fca0c222800e7664b3cf6ab7

SHA-256:
76d8a5142b06be23af2d67cbdb5418ff3ef9b178088b1ddd6ca3cfa117360ec4

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/17/2024 5:29:09 AM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:Kukacka             160215-2
Dr.Web                          Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality              11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus    8.0.319.0
F-Prot                          W32/Sality.gen2           4.6.5.141
F-Secure                        Win32.Sality.3            5.15.21
Kaspersky                       Virus.Win32.Sality        15.0.0.562
McAfee                          Virus.W32/Sality.gen.z    18.0.204.0
Microsoft Security Essentials   Threat.Undefined          1.213.7751.0
Norman                          Win32.Sality.3            29.02.2016 03:11:57

File size:
1.2 MB (1,220,711 bytes)

Product version:
2

Copyright:
GTA PlayStore

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gta_vc_playstore_v2.2.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:RIEddHJlaFKUAaCRLTdXdc57UM4C1v0xBw/b3mXxLmkvbclaFKUAaC0:RIkVL9RdtU4M4Iv0zwT3mXxaNL90

Entry address:
0x30CB

Entry point:
60, FF, CF, 69, FF, 98, D0, 1E, C9, 69, DA, 84, EB, 82, 87, EB, 05, 0F, AF, E9, FF, C1, EB, 0B, 1D, 73, 38, EA, 28, 69, FE, 3F, 77, 3E, 42, 0A, C8, 84, CE, B7, F3, 81, EE, 99, DA, 00, 00, EB, 02, 86, D3, 81, C6, 1C, 0B, 00, 00, 76, 05, 86, D8, 43, 84, DF, 1D, BC, 59, 95, 8D, 2A, D6, 68, 2F, 38, CF, 00, C6, C7, EE, 8A, CA, E8, 00, 00, 00, 00, EB, 02, 87, F0, 86, F5, F2, FF, C6, 81, C5, 29, 4E, 00, 00, 0F, AF, CD, 81, ED, 47, 0D, 00, 00, 83, E7, 00, 3B, C9, 76, 0A, 02, FD, C7, C5, 46, D2, C3, 44, 88, C7, 8A...
 

Entropy:
7.9065  (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file gta_vc_playstore_v2.2.exe has been seen being distributed by the following URL.
