r.g._mechanics_grand_theft_auto_v-torrent.exe

Artem Pavlov

The executable r.g._mechanics_grand_theft_auto_v-torrent.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from leto29d.storage.yandex.net.
Publisher:
Artem Pavlov  (signed and verified)

MD5:
7a822646d54d52fd3e1adc90556523a0

SHA-1:
3af565ade0328710686c36ad8c1ed14384a4ca41

SHA-256:
ff0f7f236926da3dfab1940a624734b2687357584ed6f5f0968718b52f60e5ae

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/2/2024 3:34:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
17.2.23.3

File size:
1.2 MB (1,247,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\r.g._mechanics_grand_theft_auto_v-torrent.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/27/2015 6:00:00 AM

Valid to:
4/27/2016 5:59:59 AM

Subject:
CN=Artem Pavlov, OU=Individual Developer, O=No Organization Affiliation, L=Kiev, S=Kiev, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1209A99F1D019CE4742AE045D24C83FF

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xA8D6C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, 88, 4A, 00, E8, DC, DC, F5, FF, A1, 58, D0, 4A, 00, 8B, 00, E8, 94, 02, FB, FF, A1, 58, D0, 4A, 00, 8B, 00, 33, D2, E8, AA, FE, FA, FF, 8B, 0D, 30, CE, 4A, 00, A1, 58, D0, 4A, 00, 8B, 00, 8B, 15, 30, 1D, 4A, 00, E8, 86, 02, FB, FF, 8B, 0D, B8, D0, 4A, 00, A1, 58, D0, 4A, 00, 8B, 00, 8B, 15, 38, 1A, 4A, 00, E8, 6E, 02, FB, FF, A1, 58, D0, 4A, 00, 8B, 00, E8, E2, 02, FB, FF, E8, A5, B6, F5, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
671.5 KB (687,616 bytes)

The file r.g._mechanics_grand_theft_auto_v-torrent.exe has been seen being distributed by the following URL.

https://leto29d.storage.yandex.net/rdisk/5017e4dcad670409269b1b45606491ef1f76f19db4a20095508f90a3c083e0b5/563b2988/.../x-msdownload&fsize=1247952&hid=5d6ad729b27fb91ed5e225951db355ea&media_type=executable&tknv=v2&etag=7a822646d54d52fd3e1adc90556523a0&rtoken=876553fcd08c3e4d9acc94b407c85688&force_default=yes&ycrid=na-70a5b35fdf7d716f1bf4f225582be001-downloader2d