pj64-tilt (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

pj64-tilt (1).zip
Size

2.2MB
MD5

ca02b41f05653544805d8193229f7c1a
SHA1

c771dca31eb67e30d113ca33ca561d08ff2a68c1
SHA256

9c3e8a1335526c7e2eb1ca585c1524278336c6526aa2377c37975f50234dbaeb
SHA512

a479b7ddfd5ae62c4a1c625fb414d3215287425510b9546b919297421dfa7c2bd539698182385633bfc8d41e76cae1e18411ed929e50a092a31dae5b70609e01
SSDEEP

49152:vdhjc0scqv5VePfaFuIf1XBda2cUEIbMxDv01iB6XBp:1ljaVe3a4Oy0EIBi0XBp

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Plugin/Audio/Jabo_Dsound.dll	acprotect
static1/unpack001/Plugin/GFX/Jabo_Direct3D8.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Plugin/GFX/Jabo_Direct3D8.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plugin/Audio/Jabo_Dsound.dll
unpack001/Plugin/GFX/Jabo_Direct3D8.dll
unpack002/out.upx
unpack001/Project64-tilt.exe

Files

pj64-tilt (1).zip
.zip
Config/Glide64.rdb
Config/Project64.cache3
Config/Project64.cfg
Config/Project64.cht
Config/Project64.rdb
Config/Project64.rdx
Config/Project64.sc3
Lang/Brazilian Portuguese.pj.Lang
Lang/Bulgarian.pj.Lang
Lang/Catalan.pj.Lang
Lang/Chinese (Simplified).pj.Lang
Lang/Chinese (Traditional).pj.Lang
Lang/Czech.pj.Lang
Lang/Danish.pj.Lang
Lang/Dutch.pj.Lang
Lang/English.pj.Lang
Lang/English_alternative.pj.Lang
Lang/Finnish.pj.Lang
Lang/French.pj.Lang
Lang/German.pj.Lang
Lang/German_localised.pj.Lang
Lang/Greek.pj.Lang
Lang/Hungarian.pj.Lang
Lang/Italian.pj.Lang
Lang/Italian_alternative.pj.Lang
Lang/Japanese.pj.Lang
Lang/Lithuanian.pj.Lang
Lang/Norwegian.pj.Lang
Lang/Polish.pj.Lang
Lang/Russian.pj.Lang
Lang/Spanish.pj.Lang
Lang/Swedish.pj.Lang
Lang/Ukrainian.pj.Lang
Plugin/Audio/Jabo_Dsound.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AiDacrateChanged
AiLenChanged
AiReadLength
AiUpdate
CloseDLL
DllAbout
DllConfig
GetDllInfo
InitiateAudio
PluginLoaded
ProcessAList
RomClosed
RomOpen
SetSettingInfo
SetSettingInfo2

Sections

ZPE0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ZPE1
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugin/GFX/Jabo_Direct3D8.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CaptureScreen
ChangeWindow
CloseDLL
DllAbout
DllConfig
DrawFullScreenStatus
DrawScreen
GetDllInfo
GetRomBrowserMenu
InitiateGFX
MoveScreen
OnRomBrowserMenuItem
PluginLoaded
ProcessDList
ProcessRDPList
RomClosed
RomOpen
SetSettingInfo
SetSettingInfo2
ShowCFB
SoftReset
UpdateScreen
ViStatusChanged
ViWidthChanged

Sections

UPX0
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/GFX/PJ64Glide64.dll
.dll windows:5 windows x86 arch:x86

6d05cdefdd01de9deeb14370587ec1dc

Code Sign

67:d7:a5:ba
Certificate

Issuer

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

Not Before

03/06/2016, 02:31

Not After

20/10/2043, 02:31

Subject

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:59:1d:fc:16:91:88:00:87:9b:f5:b7:92:bf:eb:bd:2f:f5:d7:29
Signer

Actual PE Digest

83:59:1d:fc:16:91:88:00:87:9b:f5:b7:92:bf:eb:bd:2f:f5:d7:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\Project64\Plugin\GFX\pdb\PJ64Glide64.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
IsDBCSLeadByte
SetLastError
GetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
DebugBreak
EnterCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
FreeLibrary
GetCurrentProcess
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetConsoleMode
GetConsoleCP
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
CreateFileW
GetFileType
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
VirtualQuery
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
HeapAlloc
HeapFree
InterlockedExchange
LocalAlloc
ExitProcess
GetSystemInfo
SetEndOfFile
GetFileSize
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
CreateFileA
CreateDirectoryA
FindNextFileA
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetLocalTime
LoadLibraryA
CloseHandle
Sleep
TerminateProcess
GetCurrentProcessId
FindClose
FindFirstFileA
RaiseException

user32

SetWindowLongA
SendMessageA
DefWindowProcA
CharNextA
MessageBoxA
GetActiveWindow
EnumChildWindows
IsWindow
GetDlgItem
EnableWindow
GetWindowTextA
SetWindowTextA
CreateWindowExA
DialogBoxParamA
EndDialog
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetAsyncKeyState
SetMenu
ChangeDisplaySettingsA
ReleaseDC
GetDC
EnumDisplaySettingsA
ShowWindow
GetMenu
FindWindowExA
UnregisterClassA
CallWindowProcA
DestroyWindow
GetWindowLongA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VarUI4FromStr

opengl32

glVertex3fv
glPolygonOffset
glCullFace
glVertex4f
wglCreateContext
wglGetCurrentContext
wglGetProcAddress
glGetIntegerv
glGetFloatv
glFlush
glFinish
glDrawPixels
glReadPixels
glClearColor
glClearDepth
glClear
glDepthMask
glMatrixMode
glLoadIdentity
glTranslatef
glScalef
glLoadMatrixf
glViewport
glDepthFunc
glReadBuffer
glPushAttrib
glColor4ub
glPopAttrib
glBegin
glVertex2fv
glEnd
glColorMask
glScissor
glGetTexLevelParameteriv
glCopyTexSubImage2D
glCopyTexImage2D
wglMakeCurrent
wglDeleteContext
wglGetCurrentDC
glGetString
glFogfv
glFogf
glFogi
glAlphaFunc
glDisable
glBlendFunc
glEnable
glTexParameteri
glBindTexture
glTexParameterf
glTexImage2D
glDeleteTextures
glColor4f
glTexCoord2f
glDrawBuffer

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA

gdi32

SwapBuffers
GetDeviceGammaRamp
SetPixelFormat
ChoosePixelFormat
SetDeviceGammaRamp

Exports

Exports

?grAlphaCombineExt@@YGXKKKKKHKHKH@Z
?grAuxBufferExt@@YGXJ@Z
?grColorCombineExt@@YGXKKKKKHKHKH@Z
?grConfigWrapperExt@@YGXJJHH@Z
?grConstantColorValueExt@@YGXJK@Z
?grFramebufferCopyExt@@YGXHHHHHHH@Z
?grGetGammaTableExt@@YGXKPAK00@Z
?grKeyPressedExt@@YGHK@Z
?grQueryResolutionsExt@@YGPAPADPAH@Z
?grSstWinOpenExt@@YGKPAUHWND__@@JJJJHHH@Z
?grTexAlphaCombineExt@@YGXJKKKKKHKHKH@Z
?grTexColorCombineExt@@YGXJKKKKKHKHKH@Z
?grTextureAuxBufferExt@@YGXJKJJJJK@Z
?grTextureBufferExt@@YGXJKJJJJK@Z
?grWrapperFullScreenResolutionExt@@YGJPAK0@Z
CaptureScreen
ChangeWindow
CloseDLL
DllAbout
DllConfig
DllTest
DrawScreen
FBGetFrameBufferInfo
FBRead
FBWList
FBWrite
GetDllInfo
InitiateGFX
MoveScreen
PluginLoaded
ProcessDList
ProcessRDPList
ReadScreen
RomClosed
RomOpen
SetSettingInfo
SetSettingInfo2
SetSettingInfo3
SetSettingNotificationInfo
ShowCFB
UpdateScreen
ViStatusChanged
ViWidthChanged
_grAADrawTriangle@24
_grAlphaBlendFunction@16
_grAlphaCombine@20
_grAlphaControlsITRGBLighting@4
_grAlphaTestFunction@4
_grAlphaTestReferenceValue@4
_grBufferClear@12
_grBufferSwap@4
_grChromakeyMode@4
_grChromakeyValue@4
_grClipWindow@16
_grColorCombine@20
_grColorMask@8
_grConstantColorValue@4
_grCoordinateSpace@4
_grCullMode@4
_grDepthBiasLevel@4
_grDepthBufferFunction@4
_grDepthBufferMode@4
_grDepthMask@4
_grDepthRange@8
_grDisable@4
_grDisableAllEffects@0
_grDitherMode@4
_grDrawLine@8
_grDrawPoint@4
_grDrawTriangle@12
_grDrawVertexArray@12
_grDrawVertexArrayContiguous@16
_grEnable@4
_grErrorSetCallback@4
_grFinish@0
_grFlush@0
_grFogColorValue@4
_grFogMode@4
_grFogTable@4
_grGet@12
_grGetProcAddress@4
_grGetString@4
_grGlideGetState@4
_grGlideGetVertexLayout@4
_grGlideInit@0
_grGlideSetState@4
_grGlideSetVertexLayout@4
_grGlideShutdown@0
_grLfbConstantAlpha@4
_grLfbConstantDepth@4
_grLfbLock@24
_grLfbReadRegion@28
_grLfbUnlock@8
_grLfbWriteColorFormat@4
_grLfbWriteColorSwizzle@8
_grLfbWriteRegion@36
_grLoadGammaTable@16
_grQueryResolutions@8
_grRenderBuffer@4
_grReset@4
_grSelectContext@4
_grSplash@20
_grSstOrigin@4
_grSstSelect@4
_grSstWinClose@4
_grSstWinOpen@28
_grStippleMode@4
_grStipplePattern@4
_grTexCalcMemRequired@16
_grTexClampMode@12
_grTexCombine@28
_grTexDetailControl@16
_grTexDownloadMipMap@16
_grTexDownloadMipMapLevel@32
_grTexDownloadMipMapLevelPartial@40
_grTexDownloadTable@8
_grTexDownloadTablePartial@16
_grTexFilterMode@12
_grTexLodBiasValue@8
_grTexMaxAddress@4
_grTexMinAddress@4
_grTexMipMapMode@12
_grTexMultibase@8
_grTexMultibaseAddress@20
_grTexNCCTable@4
_grTexSource@16
_grTexTextureMemRequired@8
_grVertexLayout@12
_grViewport@16
_guFogGenerateLinear@12
_guFogTableIndexToW@4
_guGammaCorrectionRGB@12

Sections

.text
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 24.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/Input/PJ64_NRage.dll
.dll windows:5 windows x86 arch:x86

f17835b84b6d27dec1a63ef5e20d4d2b

Code Sign

67:d7:a5:ba
Certificate

Issuer

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

Not Before

03/06/2016, 02:31

Not After

20/10/2043, 02:31

Subject

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:61:9b:0c:59:16:74:59:3d:7d:92:f6:2a:19:64:29:67:f5:81:c8
Signer

Actual PE Digest

0d:61:9b:0c:59:16:74:59:3d:7d:92:f6:2a:19:64:29:67:f5:81:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\Project64\Plugin\Input\pdb\PJ64_NRage.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

GetModuleFileNameA
lstrcatA
FindClose
FindNextFileA
lstrcmpiA
FindFirstFileA
lstrcpyA
GetLastError
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
HeapAlloc
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
FlushViewOfFile
HeapFree
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
FormatMessageA
GetModuleHandleA
HeapCreate
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
CreateThread
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
HeapSize
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
VirtualAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetFullPathNameA
lstrlenA
CreateFileA
CloseHandle
lstrcpynA
lstrcmpA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LocalAlloc
InterlockedExchange
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

SetFocus
SendMessageA
LoadStringA
wsprintfA
FlashWindow
GetDC
FillRect
DrawTextA
ReleaseDC
GetClientRect
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
CreateDialogParamA
MoveWindow
SendDlgItemMessageA
DestroyWindow
KillTimer
SetTimer
GetWindowRect
CreateWindowExA
ShowWindow
RegisterClassA
DefWindowProcA
BeginPaint
EndPaint
EndDialog
EnableWindow
CheckDlgButton
GetDlgItem
GetWindowLongA
IsDlgButtonChecked

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

Exports

Exports

CloseDLL
ControllerCommand
DllAbout
DllConfig
DllTest
GetDllInfo
GetKeys
InitiateControllers
ReadController
RomClosed
RomOpen
WM_KeyDown
WM_KeyUp

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugin/RSP/RSP 1.7.dll
.dll windows:5 windows x86 arch:x86

c26ea46bb03abef4d326af00b0934e20

Code Sign

67:d7:a5:ba
Certificate

Issuer

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

Not Before

03/06/2016, 02:31

Not After

20/10/2043, 02:31

Subject

CN=Project64,OU=Project64,O=Project64,L=Internet,ST=none,C=IN

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:4a:7b:7c:7c:b2:ad:17:7f:3b:6a:8d:2f:97:71:19:fe:4d:d0:e6
Signer

Actual PE Digest

da:4a:7b:7c:7c:b2:ad:17:7f:3b:6a:8d:2f:97:71:19:fe:4d:d0:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\Project64\Plugin\RSP\pdb\RSP 1.7.pdb

Imports

kernel32

CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetCommandLineA
CreateThread
VirtualFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
VirtualAlloc
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
DebugBreak
CreateMutexA
ExitThread
Sleep
WaitForSingleObjectEx
FindClose
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
ReadFile
GetFileSize
SetEndOfFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
LocalAlloc
GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetModuleHandleA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
VirtualQuery
HeapSize
ExitProcess
HeapCreate
HeapDestroy
HeapReAlloc
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
ReleaseMutex

user32

InvalidateRect
GetClientRect
SetWindowLongA
GetSystemMetrics
SetWindowPos
SetForegroundWindow
RedrawWindow
BeginPaint
DrawEdge
EndPaint
FillRect
SetRect
DrawTextA
EnableWindow
SetScrollInfo
LoadMenuA
GetMenuState
DialogBoxParamA
SetDlgItemTextA
KillTimer
EndDialog
CheckDlgButton
SetTimer
IsDlgButtonChecked
EnableMenuItem
CheckMenuItem
GetWindowTextA
SetFocus
ShowWindow
CreateWindowExA
SendMessageA
SetWindowTextA
MessageBoxA

gdi32

SetBkMode
TextOutA
GetStockObject
SetTextColor
SelectObject

Exports

Exports

CloseDLL
DllAbout
DoRspCycles
EnableDebugging
GetDllInfo
GetRspDebugInfo
InitiateRSP
InitiateRSPDebugger
PluginLoaded
RomClosed
RomOpen
SetSettingInfo
SetSettingInfo2
SetSettingInfo3
SetSettingNotificationInfo

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Project64-tilt.exe
.exe windows:5 windows x86 arch:x86

310331a551c2204c2efac1fef38aa593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Skyler\Documents\GitHub\project64-toys\bin\Release\pdb\Project64.pdb

Imports

kernel32

CreateFileA
ExitThread
IsDebuggerPresent
DebugBreak
GetExitCodeThread
WaitForMultipleObjects
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
SetErrorMode
CompareStringA
WriteConsoleW
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetDriveTypeW
GetCPInfo
LCMapStringW
CompareStringW
HeapSize
HeapReAlloc
GetFileType
GetStringTypeW
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetFullPathNameA
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
LoadLibraryExW
FileTimeToSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
OutputDebugStringW
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
CreateFileW
VirtualFree
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcessId
OpenProcess
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
GetCurrentThread
SetFilePointer
SetEndOfFile
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
InitializeCriticalSection
CopyFileA
FindNextFileA
FindFirstFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetLocalTime
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
SystemTimeToTzSpecificLocalTime
GetFileTime
Sleep
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
FindResourceA
GetModuleFileNameA
LoadLibraryExA
lstrcmpiA
SizeofResource
LoadResource
ResetEvent
CreateThread
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetDateFormatA
GetTimeFormatA
GetLocaleInfoA
GetVersionExA
lstrlenA
GetTickCount
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
TerminateThread
GlobalUnlock
GlobalLock
GlobalAlloc
TlsFree

user32

DrawFocusRect
UpdateWindow
GetSystemMenu
MsgWaitForMultipleObjects
CreateDialogParamA
AdjustWindowRect
DrawTextW
DeleteMenu
InsertMenuW
BringWindowToTop
IsWindowVisible
CreateAcceleratorTableA
SetMenuItemInfoA
CreatePopupMenu
RemoveMenu
CreateMenu
TranslateAcceleratorA
DestroyAcceleratorTable
IsMenu
IsDlgButtonChecked
SetRectEmpty
LoadIconA
GetDesktopWindow
SetRect
ShowCursor
GetSysColorBrush
ValidateRect
SetMenu
GetMenu
IsZoomed
MessageBoxA
SendMessageA
SendMessageW
DialogBoxParamW
EndDialog
GetDlgItem
SendDlgItemMessageA
BeginPaint
EndPaint
GetClientRect
LoadBitmapA
DefWindowProcA
GetClassNameA
CheckDlgButton
GetWindowTextW
IsIconic
MoveWindow
CreateWindowExW
RegisterClassA
PostQuitMessage
PostMessageW
PeekMessageA
DispatchMessageA
TranslateMessage
AdjustWindowRectEx
SetWindowLongW
GetMessageA
IsDialogMessageA
LoadImageA
MessageBoxW
SetWindowTextW
RemovePropA
GetPropA
SetPropA
SetMenuItemInfoW
GetMenuItemInfoW
IsWindowEnabled
SetDlgItemTextW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
SetForegroundWindow
CharNextA
DialogBoxParamA
GetComboBoxInfo
SystemParametersInfoA
GetScrollInfo
SetScrollInfo
DestroyCursor
LoadCursorA
GetWindow
GetParent
PtInRect
EqualRect
IsRectEmpty
OffsetRect
IntersectRect
InflateRect
CopyRect
FrameRect
FillRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursor
GetWindowRect
GetWindowTextLengthA
GetScrollPos
SetScrollPos
RedrawWindow
InvalidateRect
SetWindowRgn
ReleaseDC
GetDC
DrawTextA
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetAsyncKeyState
GetKeyState
GetFocus
RegisterClipboardFormatA
GetDlgCtrlID
SetWindowPos
DestroyWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
UnregisterClassA
PostMessageA
GetMessagePos
DrawFrameControl
GetCursorPos
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuA
ShowWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
SetWindowTextA
EnableWindow
SetFocus
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItemTextA
SetDlgItemTextA
IsWindow
CallWindowProcA
AppendMenuW

gdi32

GetObjectA
CombineRgn
CreateCompatibleBitmap
CreateFontIndirectA
CreateRectRgn
GetClipBox
GetTextExtentPoint32A
LineTo
RestoreDC
SetTextColor
SaveDC
SetBkColor
MoveToEx
ExtTextOutA
CreatePolygonRgn
SetViewportOrgEx
SetWindowOrgEx
OffsetWindowOrgEx
SetMapMode
SetBkMode
SelectObject
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateFontA
CreateCompatibleDC
RoundRect
BitBlt

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

comctl32

PropertySheetA
ord6
ImageList_AddMasked
ImageList_Create
_TrackMouseEvent
ImageList_GetIconSize
ImageList_LoadImageA
ImageList_DrawEx

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 927KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Save/SUPER MARIO 64.eep

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

ZPE0 Size: - Virtual size: 572KB

ZPE1 Size: 41KB - Virtual size: 44KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 480KB

UPX1 Size: 377KB - Virtual size: 380KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 664KB - Virtual size: 661KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 24KB - Virtual size: 37KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 28KB

6d05cdefdd01de9deeb14370587ec1dc

Code Sign

67:d7:a5:baCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

83:59:1d:fc:16:91:88:00:87:9b:f5:b7:92:bf:eb:bd:2f:f5:d7:29Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

opengl32

comctl32

gdi32

Exports

Exports

Sections

.text Size: 763KB - Virtual size: 763KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 37KB - Virtual size: 24.4MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 144KB - Virtual size: 143KB

f17835b84b6d27dec1a63ef5e20d4d2b

Code Sign

67:d7:a5:baCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0d:61:9b:0c:59:16:74:59:3d:7d:92:f6:2a:19:64:29:67:f5:81:c8Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

ZPE0
Size: - Virtual size: 572KB

ZPE1
Size: 41KB - Virtual size: 44KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 480KB

UPX1
Size: 377KB - Virtual size: 380KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 664KB - Virtual size: 661KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 24KB - Virtual size: 37KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 28KB

67:d7:a5:ba
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

83:59:1d:fc:16:91:88:00:87:9b:f5:b7:92:bf:eb:bd:2f:f5:d7:29
Signer

.text
Size: 763KB - Virtual size: 763KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 37KB - Virtual size: 24.4MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 144KB - Virtual size: 143KB

67:d7:a5:ba
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0d:61:9b:0c:59:16:74:59:3d:7d:92:f6:2a:19:64:29:67:f5:81:c8
Signer

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 12KB - Virtual size: 11KB

67:d7:a5:ba
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

da:4a:7b:7c:7c:b2:ad:17:7f:3b:6a:8d:2f:97:71:19:fe:4d:d0:e6
Signer

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 7KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 31KB - Virtual size: 31KB

.text
Size: 927KB - Virtual size: 926KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 7KB - Virtual size: 27KB

.gfids
Size: 512B - Virtual size: 296B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 190KB - Virtual size: 189KB

.reloc
Size: 72KB - Virtual size: 71KB