installgtacars.exe

GTA SAN ANDREAS PlayStore v2.2

GTA PlayStore

The executable installgtacars.exe (“GTA SAN ANDREAS PlayStore”) has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from gtacards.turbodisk.net.

Publisher:
GTA PlayStore

Product:
GTA SAN ANDREAS PlayStore v2.2

Description:
GTA SAN ANDREAS PlayStore

Version:
2.2

MD5:
3fa7b160bc83413274d1c89f82627fe9

SHA-1:
787fc07846dbbffb4e2e002e17a5e495e62116d2

SHA-256:
087f56c505ed638e1acf8082f63287618fae851174b48e453d41996663bfdb52

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/28/2024 12:34:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1590.0 |
| VIPRE Antivirus | Threat.4721115 | 50536 |

File size:
1.2 MB (1,216,772 bytes)

Product version:
2

Copyright:
GTA PlayStore

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\documents and settings\rihem\mes documents\downloads\installgtacars.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:FIEdgYlaFKUAaCR5vmC4Qk7DV9i1uHXfZGwv4xBw/b3mXxLmkvbzlaFKUAaC1:FIkvL9RMC4QyDguHvowwzwT3mXxaaL91

Entry address:
0x30CB

Entry point:
C7, C1, 1F, 47, DF, E3, F3, 69, ED, D9, AD, 52, D8, 0F, AF, C5, 2A, F5, 2D, 78, ED, 6E, 63, 0F, B7, CE, 0F, BE, D2, FE, C5, 1A, ED, 85, FA, 70, 03, 0F, AF, F1, 8D, 38, 8D, 35, E4, 02, 0A, 49, 8B, EA, B6, AE, 69, D2, 93, 5A, 77, 73, 4A, 33, DF, 3B, CD, 76, 02, 87, C2, 42, 0F, B6, EF, 56, 52, C7, C1, 58, DB, 6B, 2B, F7, C2, 85, 47, 1C, B1, 69, D0, 18, 54, 70, 18, 8A, E9, 49, 15, E0, 79, 26, 15, 8D, 05, 6C, E7, 0A, 5A, E8, 00, 00, 00, 00, 80, FC, FB, F3, FE, CD, 0F, AF, CE, 0F, AF, D6, 87, FA, 86, F0, 69, E9...
 

Code size:
22.5 KB (23,040 bytes)

The file installgtacars.exe has been seen being distributed by the following URL.
