pcsx2[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

pcsx2.exe
Size

9.7MB
MD5

8ea60a3fb6ada3f42a15efa9c1c320b4
SHA1

ccd5af8264b25dff8aac3026784ae7a748b8220b
SHA256

e387c713005082a19db33f4e163a7f48671c1f9ea06bfd76c6f120b246043e59
SHA512

635fd2e2b1770111b3890684b1eaf37810bcda4896c21da7cbf6046cc262a409feb9141f97e54d70b18dd43e483fa336eafd933ea1850989107df2c5f4291bc4
SSDEEP

98304:Qdc297FRw8ztmkAxL27GUH5OBchpORYQPqr2LweFPBnsbcNQP9aehOsKl8:QdcjBkXAYQSSLygy17UsX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pcsx2.exe

Files

pcsx2.exe
.exe windows:6 windows x86 arch:x86

fb7ee9d3a8d3480bfb56c6aede45e1bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git\pcsx2_master\bin\pcsx2.pdb

Imports

kernel32

UnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetThreadAffinityMask
VirtualProtect
VirtualFree
IsProcessorFeaturePresent
OpenThread
GetThreadTimes
SetThreadExecutionState
GlobalMemoryStatusEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetStdHandle
FreeConsole
GetProcessHeap
HeapSize
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
MulDiv
WriteFile
GetExitCodeProcess
IsBadStringPtrA
IsBadReadPtr
ExpandEnvironmentStringsW
GetCPInfo
IsValidCodePage
SizeofResource
LockResource
LoadResource
FindResourceW
TerminateProcess
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetACP
GetUserDefaultLCID
SetThreadLocale
GetLocaleInfoW
OutputDebugStringW
GetSystemInfo
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageW
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
FindNextFileW
GetFileType
SetCurrentDirectoryW
CopyFileW
SetErrorMode
GetVersionExW
WideCharToMultiByte
GetFileTime
SetFileTime
FindClose
FindFirstFileW
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
SetThreadContext
CreateEventA
CreateSemaphoreA
TlsFree
TlsGetValue
FreeLibrary
GetProcAddress
GetThreadContext
ResetEvent
RaiseException
GetThreadPriority
TlsAlloc
LoadLibraryA
GetSystemDirectoryA
SetEvent
Sleep
DuplicateHandle
ResumeThread
SuspendThread
GetCurrentThreadId
WaitForSingleObject
WaitForMultipleObjects
GetProcessAffinityMask
ReleaseSemaphore
GetCurrentProcess
SetLastError
TlsSetValue
InitializeSListHead
SetUnhandledExceptionFilter
VirtualAlloc
GetDriveTypeW
GetLogicalDriveStringsW
CreateNamedPipeW
GetCurrentProcessId
PeekNamedPipe
ConnectNamedPipe
GetCurrentThread
SetThreadPriority
DeviceIoControl
GetFileAttributesW
GetLastError
GetFileSize
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
CloseHandle
GetStartupInfoW
CreateFileW

user32

ReleaseDC
GetWindowTextW
GetClassNameW
DestroyAcceleratorTable
ChangeDisplaySettingsW
CreateAcceleratorTableW
TranslateAcceleratorW
MessageBeep
SetWindowLongW
UnionRect
ChildWindowFromPoint
GetDC
DestroyCursor
GetClassInfoW
SetWindowPos
EnumDisplaySettingsW
ValidateRect
BeginPaint
EndPaint
GetWindowDC
FindWindowExW
AdjustWindowRectEx
SetMenu
GetDoubleClickTime
IsClipboardFormatAvailable
ShowCursor
wsprintfW
ValidateRgn
GetWindowLongW
IsRectEmpty
RegisterClipboardFormatW
GetClipboardFormatNameW
DrawIconEx
GetMenuItemID
DrawFrameControl
GetSysColorBrush
SetRect
DrawEdge
CheckMenuItem
CheckMenuRadioItem
GetSubMenu
SendMessageW
MessageBoxW
PostThreadMessageW
GetWindowThreadProcessId
PostMessageW
RegisterClassW
CreateWindowExW
UnregisterClassW
DestroyWindow
DefWindowProcW
PeekMessageW
GetMessageW
MsgWaitForMultipleObjects
DispatchMessageW
SetTimer
KillTimer
LoadCursorW
SetCursor
DdeInitializeW
DdeUninitialize
DdeNameService
DdeConnect
DdeDisconnect
DdeClientTransaction
DdeGetData
DdeFreeDataHandle
DdePostAdvise
DdeCreateDataHandle
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
DdeGetLastError
GetCursorPos
GetMessagePos
SetFocus
GetFocus
EnableWindow
ShowWindow
SetCapture
ReleaseCapture
GetCapture
GetWindowRect
PtInRect
SetCursorPos
GetScrollInfo
SetScrollInfo
EnableScrollBar
ScrollWindow
IsWindow
WindowFromPoint
GetParent
SetParent
RedrawWindow
UpdateWindow
GetClientRect
MapWindowPoints
ScreenToClient
ClientToScreen
DeferWindowPos
MoveWindow
PostQuitMessage
TranslateMessage
TrackPopupMenu
CallWindowProcW
GetKeyState
IsWindowEnabled
IsWindowVisible
IsDialogMessageW
InflateRect
SetWindowTextW
InvalidateRect
GetSysColor
GetUpdateRgn
FillRect
GetWindow
BeginDeferWindowPos
EndDeferWindowPos
GetMessageTime
SystemParametersInfoW
GetMenuItemCount
GetMenuItemInfoW
MapVirtualKeyW
VkKeyScanW
GetSystemMetrics
GetAsyncKeyState
GetActiveWindow
CallNextHookEx
AppendMenuW
UnhookWindowsHookEx
ChildWindowFromPointEx
RegisterHotKey
UnregisterHotKey
CreateDialogParamW
GetDlgItem
GetWindowTextLengthW
keybd_event
HideCaret
CreateDialogIndirectParamW
GetDialogBaseUnits
BringWindowToTop
IsIconic
SetForegroundWindow
IsZoomed
GetWindowPlacement
GetDesktopWindow
GetSystemMenu
EnableMenuItem
DrawMenuBar
FlashWindow
SetWindowRgn
DrawTextW
DrawFocusRect
SetRectEmpty
OffsetRect
DrawStateW
CopyRect
GetIconInfo
CreateIconIndirect
LoadBitmapW
LoadImageW
LoadIconW
DestroyIcon
SetMenuItemInfoW
CreatePopupMenu
DestroyMenu
InsertMenuItemW
InsertMenuW
RemoveMenu
ModifyMenuW
GetMenuState
CreateMenu
SetWindowsHookExW

gdi32

EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
SetWinMetaFileBits
GetMetaFileBitsEx
SetMetaFileBitsEx
GetWinMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
DeleteEnhMetaFile
CopyEnhMetaFileW
GetEnhMetaFileW
SetLayout
CreateDIBitmap
GetDIBColorTable
GetDIBits
CreateDIBSection
CreateRectRgnIndirect
GetTextExtentExPointW
GetCharABCWidthsW
LineTo
MoveToEx
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
RectInRegion
PtInRegion
EqualRgn
GetRgnBox
CombineRgn
CreateICW
CreateHatchBrush
CreatePatternBrush
ExtCreatePen
StretchDIBits
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
CreateDCW
SetROP2
ExtTextOutW
MaskBlt
GetObjectType
GetStockObject
PolyBezier
Ellipse
RoundRect
Rectangle
Polyline
PolyPolygon
Polygon
SetPolyFillMode
SetPixel
Arc
Pie
GetPixel
ExtFloodFill
GetBkColor
SetMapMode
SelectClipRgn
ExtSelectClipRgn
GetClipBox
SetStretchBltMode
GetTextExtentPoint32W
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetObjectW
CreateSolidBrush
CreatePen
OffsetRgn
ExtCreateRegion
GetRegionData
SetBkMode
SetBkColor
SetTextColor
DeleteObject
CreateFontIndirectW
GetOutlineTextMetricsW
GetTextMetricsW
SelectObject
SetBrushOrgEx
CreateRectRgn
RealizePalette
SelectPalette
ExcludeClipRect
GdiFlush
EnumFontFamiliesExW
GetDeviceCaps
SetViewportExtEx

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
_Thrd_yield
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

vcruntime140

_set_se_translator
longjmp
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
wcschr
memmove
memcpy
memchr
_setjmp3
_except_handler3
__CxxLongjmpUnwind
memset
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_purecall
strstr
strchr
strrchr
wcsstr

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc
realloc
_aligned_free
_set_new_mode
_aligned_malloc
_aligned_realloc

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_invalid_parameter_noinfo_noreturn
_errno
strerror
abort
_beginthreadex
_endthreadex
exit

api-ms-win-crt-string-l1-1-0

isdigit
isalnum
isspace
iswalnum
wcsncpy
_strdup
wcspbrk
iswspace
_stricmp
iswalpha
_wcsicmp
towupper
tolower
strncat_s
strncmp
isalpha
iswdigit
towlower
strnlen
_wcsdup
toupper
iswprint
strncpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
fputs
fseek
__stdio_common_vswprintf
_get_stream_buffer_pointers
_lseek
_wfreopen
fgets
_open
feof
tmpfile
fread
_open_osfhandle
_wsopen_dispatch
fwrite
__p__commode
fgetpos
fsetpos
_set_fmode
setvbuf
__stdio_common_vsscanf
_getcwd
_get_osfhandle
_fileno
fflush
_fseeki64
_ftelli64
_close
_read
_write
_commit
_lseeki64
_telli64
_wfopen
fclose
clearerr
getc
__stdio_common_vsprintf
fgetc
fputc
ungetc
ferror
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vswprintf_p
__stdio_common_vfwprintf

api-ms-win-crt-time-l1-1-0

_ftime64_s
_time64
_get_timezone
wcsftime
_mktime64
_localtime64
_gmtime64
_tzset
clock

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wrename
_wremove
_lock_file
_wmkdir
_wrmdir

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoul
_wcstoui64
wcstod
_wtol
atoi
wcstombs
atof
mbstowcs
strtol
_wcstod_l
_wcstoi64
_wtoi

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
_CIatan
_CIatan2
_CIexp
_CIsin
_CIsqrt
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
lroundf
lround

api-ms-win-crt-environment-l1-1-0

_wgetenv
_wgetcwd
getenv

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
_free_locale
_create_locale

comctl32

ImageList_EndDrag
ord16
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_Remove
ImageList_DragEnter
ImageList_DragLeave
ImageList_Replace
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy
ImageList_Create
ord17
ImageList_GetIconSize
ImageList_DragMove
ImageList_GetImageCount
ImageList_Draw

winmm

timeEndPeriod
timeBeginPeriod

rpcrt4

RpcStringFreeW
UuidToStringW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
PageSetupDlgW

advapi32

GetUserNameW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconW
ExtractIconExW
SHGetSpecialFolderLocation
DragAcceptFiles
DragQueryPoint
DragQueryFileW
DragFinish

ole32

RevokeDragDrop
CoCreateInstance
OleUninitialize
ReleaseStgMedium
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
DoDragDrop
OleIsCurrentClipboard
OleSetClipboard
OleFlushClipboard
OleGetClipboard
CoTaskMemAlloc
OleInitialize

oleaut32

SafeArrayUnlock
SafeArrayDestroy
VarBstrFromCy
SysFreeString
SysStringLen

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 347KB - Virtual size: 35.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 682KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb7ee9d3a8d3480bfb56c6aede45e1bc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

comctl32

winmm

rpcrt4

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 347KB - Virtual size: 35.9MB

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 682KB - Virtual size: 681KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 347KB - Virtual size: 35.9MB

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 682KB - Virtual size: 681KB