AetherSX2 Turnip+valpha-1447[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AetherSX2 Turnip+valpha-1447.zip
Size

28.3MB
MD5

153c4e4fd82cc9e7db788505fee0dd94
SHA1

8b964aa6baac8e0a6ca76c9fcc8903fa531593a3
SHA256

c911fc796b9bf671e9d239a637e14f44f55cf8617e7a76bbbfdde77d89152faa
SHA512

3bd3bf6bd3a58e37ff402c3e0e3a9944d4848325229b9f5ac8e81d0d7cc30fce74eac4b84437166915344336fd6d2f571e91bd0a32f6accde8510ad63c8e3877
SSDEEP

786432:J0hi3d26kppzn/YugrCz/nqCzYL6hY2WMb5:vbGpr/YdCrnjYyh9

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 3 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/chdman.exe

Files

AetherSX2 Turnip+valpha-1447.zip
.zip
AetherSX2 Turnip+valpha-1447.apk
.apk android arch:arm64

xyz.aethersx2.custom

xyz.aethersx2.android.MainActivity

Activities

xyz.aethersx2.android.MainActivity

android.intent.action.MAIN

Permissions

android.permission.VIBRATE
CHD MAN Android/CHDMAN PS2.zip
.zip
ISO or GDI to CHD.bat
chdman.exe
.exe windows:4 windows x86 arch:x86

a825e436320784eede60792f2f7f39f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileW
CreateNamedPipeW
CreateSemaphoreA
DebugBreak
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCPInfo
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesExW
GetFileSize
GetFullPathNameW
GetHandleInformation
GetLastError
GetLogicalDriveStringsA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTickCount
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_fstati64
_initterm
_iob
_lock
_lseeki64
_onexit
_putenv
_read
_setjmp3
_setmode
_strnicmp
_strdup
_ultoa
_unlock
_write
abort
atoi
clock
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
gmtime
frexp
fseek
fsetpos
fwrite
getc
getenv
getwc
isalpha
islower
isprint
isspace
isupper
iswctype
isxdigit
localeconv
longjmp
malloc
memset
memchr
memcmp
memcpy
memmove
perror
printf
putc
putchar
puts
putwc
qsort
realloc
setlocale
setvbuf
signal
sprintf
sscanf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
strtok
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscoll
wcsftime
wcslen
wcsrchr
wcsxfrm

shell32

CommandLineToArgvW

shlwapi

PathIsRelativeW

user32

CloseClipboard
CreateWindowExW
GetClipboardData
GetWindowTextLengthW
GetWindowTextW
IsClipboardFormatAvailable
MessageBoxW
OpenClipboard
SetWindowTextW

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htons
listen
recv
select
send
setsockopt
socket

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CODEBREAKER SYSTEM/codebreaker.elf
.elf linux mipsel
CodeBreaker save state/5207cca3 (5207CCA3).00.p2s
.zip
GS.bin
PAD.bin
PCSX2 Internal Structures.dat
PCSX2 Savestate Version.id
SPU2.bin
Scratchpad.bin
Screenshot.png
.png
eeHwRegs.bin
eeMemory.bin
iopHwRegs.bin
iopMemory.bin
vu0Memory.bin
vu0MicroMem.bin
vu1Memory.bin
vu1MicroMem.bin
Compresor Zarchiver/zarchiver-0-9-5-8.apk
.apk android arch:arm

ru.zdevs.zarchiver

ru.zdevs.zarchiver.ZArchiver

Activities

ru.zdevs.zarchiver.ZArchiver

android.intent.action.MAIN
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
ru.zdevs.zarchiver.action.EXTERNAL
android.intent.action.SEND
android.intent.action.SEND_MULTIPLE

ru.zdevs.zarchiver.ZSelectFile

android.intent.action.GET_CONTENT
android.intent.action.OPEN_DOCUMENT

ru.zdevs.zarchiver.activity.ExtractDlg

android.intent.action.VIEW

Permissions

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK
android.permission.ACCESS_SUPERUSER
android.permission.FOREGROUND_SERVICE
android.permission.REQUEST_INSTALL_PACKAGES
ru.zdevs.zarchiver.permission.PLUGIN.CLOUD
ru.zdevs.zarchiver.permission.PLUGIN.FTP
ru.zdevs.zarchiver.permission.PLUGIN.USB

Services
Memory Card/Mcd001.ps2
Memory Card/Mcd002.ps2

Sharing

General

Malware Config

Signatures

Files

xyz.aethersx2.custom

xyz.aethersx2.android.MainActivity

Activities

xyz.aethersx2.android.MainActivity

Permissions

a825e436320784eede60792f2f7f39f0

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

shlwapi

user32

wsock32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 393KB - Virtual size: 392KB

/4 Size: 327KB - Virtual size: 326KB

.bss Size: - Virtual size: 5KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

ru.zdevs.zarchiver

ru.zdevs.zarchiver.ZArchiver

Activities

ru.zdevs.zarchiver.ZArchiver

ru.zdevs.zarchiver.ZSelectFile

ru.zdevs.zarchiver.activity.ExtractDlg

Permissions

Services

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 393KB - Virtual size: 392KB

/4
Size: 327KB - Virtual size: 326KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB