ePSXe180[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ePSXe180.zip
Size

620KB
MD5

23611ba29203d1688ffe76001e382e9e
SHA1

62b979221a0c50047a63bdc79fb4a7dd604e5dcc
SHA256

40cebd86e22c2ef99219406c487de4e2e914e9647d3d2a4b22cb43cc13a5d581
SHA512

b4fc4f7eaa937ffebda225fb2bde840b3fb4b84eb03d7864ea8e9ae26ea5bb49ddfaa8ace83f7899abff9892b75d8b1f55c1f63bac8acaa2dc507129630a15ef
SSDEEP

12288:elvCFTg0bkh5Ieyly7OZWp0R5BMRbVbjRwjjcYaUTM/M:elvSTg0Ih5glamxwRpjq1SM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ePSXe.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/burutter.dll
unpack001/ePSXe.exe
unpack002/out.upx
unpack001/plugins/gpu.dat

Files

ePSXe180.zip
.zip
bios/erase.me
burutter.dll
.dll windows:4 windows x86 arch:x86

b9f9eecfd4d123f220ade5a5daf5994b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStrings
OutputDebugStringA
CloseHandle
DeviceIoControl
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
CreateFileA
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Exports

Exports

Big_Motor
JOY_Close
JOY_init
Small_Motor

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheats/erase.me
docs/ePSXe_en.txt
docs/ePSXe_sp.txt
ePSXe.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 364KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 492KB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 588KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
epsxe.chm
.chm
memcards/delete.me
patches/erase.me
plugins/gpu.dat
.dll windows:4 windows x86 arch:x86

2c83fab03649b3189036c618ffc90291

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddraw

DirectDrawEnumerateA
DirectDrawCreate

winmm

timeGetTime

msvfw32

ICClose
ICOpen
ICCompressorChoose
ord2
ICGetInfo

avifil32

AVIFileInit
AVIFileOpenA
AVIFileExit
AVIFileRelease
AVIStreamRelease
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileCreateStreamA
AVIStreamWrite

kernel32

TerminateProcess
InterlockedCompareExchange
InterlockedExchange
lstrlenA
GetCurrentThreadId
GetTickCount
IsDebuggerPresent
lstrcatA
FreeLibrary
LoadLibraryA
QueryPerformanceFrequency
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
FindResourceA
LoadResource
LockResource
GetModuleHandleA
GetProcAddress
lstrcpyA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess

user32

GetSystemMetrics
MoveWindow
UpdateWindow
GetMenu
FillRect
GetDC
ReleaseDC
InflateRect
LoadStringA
DrawTextA
SetWindowLongA
SetMenu
GetClientRect
ClientToScreen
EnumDisplaySettingsA
SetWindowPos
SetScrollRange
SetScrollPos
CheckRadioButton
SetDlgItemInt
wsprintfA
DialogBoxParamA
CheckDlgButton
EndDialog
SetDlgItemTextA
MessageBoxA
GetDlgItem
GetDlgItemInt
IsDlgButtonChecked
GetDlgItemTextA
SendMessageA
ShowWindow
GetWindowLongA
GetActiveWindow
GetAsyncKeyState
GetScrollPos
SetRect

gdi32

DeleteObject
Rectangle
SetBkColor
SetTextColor
CreatePen
CreateSolidBrush
SelectObject
CreateDIBSection
CreateCompatibleDC
GetStockObject
CreateFontA
ExtTextOutA
SetBkMode
DeleteDC

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

msvcr80

memcpy
atol
strchr
memset
fclose
fopen
getenv
sprintf
malloc
fread
strstr
atoi
_mkdir
atof
rand
_time64
srand
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
fwrite
_adjust_fdiv
_stat64i32
free

Exports

Exports

GP0_Read
GP0_Write
GP1_Read
GP1_Write
GPU_About
GPU_Close
GPU_Configure
GPU_DmaExec
GPU_LoadState
GPU_Open
GPU_SaveState
GPU_ScreenShot
GPU_Update
GPUabout
GPUclose
GPUconfigure
GPUcursor
GPUdisplayFlags
GPUdisplayText
GPUdmaChain
GPUfreeze
GPUgetMode
GPUgetScreenPic
GPUinit
GPUmakeSnapshot
GPUopen
GPUreadData
GPUreadDataMem
GPUreadStatus
GPUsetMode
GPUsetfix
GPUsetframelimit
GPUshowScreenPic
GPUshutdown
GPUtest
GPUupdateLace
GPUvisualVibration
GPUwriteData
GPUwriteDataMem
GPUwriteStatus
PSEgetLibName
PSEgetLibType
PSEgetLibVersion
ZN_GPUclose
ZN_GPUdisplayFlags
ZN_GPUdmaChain
ZN_GPUdmaSliceIn
ZN_GPUdmaSliceOut
ZN_GPUfreeze
ZN_GPUgetMode
ZN_GPUgetScreenPic
ZN_GPUinit
ZN_GPUmakeSnapshot
ZN_GPUopen
ZN_GPUreadData
ZN_GPUreadStatus
ZN_GPUsetMode
ZN_GPUshowScreenPic
ZN_GPUshutdown
ZN_GPUtest
ZN_GPUupdateLace
ZN_GPUwriteData
ZN_GPUwriteStatus

Sections

.text
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/remove.me
snap/kill.me
sstates/punch.me

Sharing

General

Malware Config

Signatures

Files

b9f9eecfd4d123f220ade5a5daf5994b

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 9.4MB

UPX1 Size: 364KB - Virtual size: 368KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 352KB - Virtual size: 349KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 492KB - Virtual size: 8.8MB

.rsrc Size: 588KB - Virtual size: 584KB

2c83fab03649b3189036c618ffc90291

Headers

File Characteristics

Imports

ddraw

winmm

msvfw32

avifil32

kernel32

user32

gdi32

advapi32

msvcr80

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 374KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 6.0MB

.rsrc Size: 64KB - Virtual size: 62KB

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 9.4MB

UPX1
Size: 364KB - Virtual size: 368KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 352KB - Virtual size: 349KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 492KB - Virtual size: 8.8MB

.rsrc
Size: 588KB - Virtual size: 584KB

.text
Size: 376KB - Virtual size: 374KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 6.0MB

.rsrc
Size: 64KB - Virtual size: 62KB

.reloc
Size: 68KB - Virtual size: 67KB