Malware analysis x360ce.exe Malicious activity | ANY.RUN

Add for printing

File name:	x360ce.exe
Full analysis:	https://app.any.run/tasks/8ef7feb5-210e-4fe0-a1a7-39cbf9dcfb4d
Verdict:	Malicious activity
Analysis date:	June 21, 2025, 16:10:25
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:	BE80F3348B240BCEE1AA96D33FE0E768
SHA1:	40EA5DE9A7A15F6E0D891CD1BA4BCA8519BB85ED
SHA256:	74FAF334CB0BDD3E9DFAB8C323D4EB3B9B089BCAADC7DBD639D9AA93A4F6F829
SSDEEP:	196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Searches for installed software
  - x360ce.exe (PID: 3640)
- Executable content was dropped or overwritten
  - x360ce.exe (PID: 3640)
INFO
- Reads the computer name
  - x360ce.exe (PID: 3640)
- Creates files in the program directory
  - x360ce.exe (PID: 3640)
- Checks supported languages
  - x360ce.exe (PID: 3640)
- Reads the machine GUID from the registry
  - x360ce.exe (PID: 3640)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	InstallShield setup (50.1)
.exe	\|	Win64 Executable (generic) (32.2)
.dll	\|	Win32 Dynamic Link Library (generic) (7.6)
.exe	\|	Win32 Executable (generic) (5.2)
.exe	\|	Generic Win/DOS Executable (2.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2020:11:15 17:43:55+00:00
ImageFileCharacteristics:	Executable, Large address aware
PEType:	PE32
LinkerVersion:	48
CodeSize:	15299584
InitializedDataSize:	150016
UninitializedDataSize:	-
EntryPoint:	0xe99302
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	4.17.15.0
ProductVersionNumber:	4.17.15.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	Wrapper library that translates XInput calls to DirectInput calls, for support old, no XInput compatible gamepads.
CompanyName:	Jocys.com
FileDescription:	Jocys.com X360 Controller Emulator
FileVersion:	4.17.15.0
InternalName:	x360ce.exe
LegalCopyright:	Copyright © Jocys.com 2020
LegalTrademarks:	-
OriginalFileName:	x360ce.exe
ProductName:	X360 Controller Emulator
ProductVersion:	4.17.15.0
AssemblyVersion:	4.17.15.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

132

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

3640

"C:\Users\admin\AppData\Local\Temp\x360ce.exe"

C:\Users\admin\AppData\Local\Temp\x360ce.exe

explorer.exe

User:

admin

Company:

Jocys.com

Integrity Level:

MEDIUM

Description:

Jocys.com X360 Controller Emulator

Version:

4.17.15.0

Modules

Images
c:\users\admin\appdata\local\temp\x360ce.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

5 367

Read events

5 360

Write events

Delete events

Modification events


(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0627&PID_0001\Calibration\0
Operation:	write	Name:	GUID
Value: B0A7F642BA4EF0118001444553540000
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\X360CE.EXE5FB168DB00EBE910
Operation:	write	Name:	Name
Value: X360CE.EXE
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\X360CE.EXE5FB168DB00EBE910
Operation:	write	Name:	UsesMapper
Value: 00000000
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation:	write	Name:	Name
Value: X360CE.EXE
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation:	write	Name:	Id
Value: X360CE.EXE5FB168DB00EBE910
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation:	write	Name:	Version
Value: 00080000
(PID) Process:	(3640) x360ce.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
Operation:	write	Name:	MostRecentStart
Value: 89A84C05C7E2DB01

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.Layouts.xml		text
		MD5:E6C10E8851EB987D3FBF5F146066870A	SHA256:A61D1C2E1AC1EC273A40B1069A31E15C3FCA76F9792E2B0C156B124A4A7C32FA
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.UserGames.xml		text
		MD5:F2D35F6F5F07C8D65A913A75F46372E2	SHA256:333B28591DCD111F6465F431EF2D5B492A9EFCEB6557EE795E82C5BC544858DF
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.Options.xml		text
		MD5:0345954272C3992AA160F10A89DAF02C	SHA256:758CFD9446A8850B43C974344C1B464B77D2A825D2771D65FBDDEB040B0EBA14
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.Programs.xml		text
		MD5:FF3EE9530247EFA888D7A24611B1BDCD	SHA256:57C26E543061F382AA15F2621C0891BD7428424CA49D6155B0257CE2AE83277C
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.UserInstances.xml		text
		MD5:9E7CCD22956BDCE30F429EA97F4062B0	SHA256:44167883A787C7BC0364B1687E6A5F49DF5CE66CF5EE8D3D1755A792FAE4F99A
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.Summaries.xml		text
		MD5:86EF143234C7C15066AE67732A42A257	SHA256:352789A74CB6D9187BFEDED112F8A780E9A5F59D0BD713F896A9AF736C4CCA92
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.UserMacros.xml		text
		MD5:8737567F5B4A25C6F1FD0F37803C5E1F	SHA256:6BEB7E262E173440ED8B59EEB1B376D8B6D4DFF15CE01E4979221202ADE75A9D
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.Presets.xml		text
		MD5:E22EF49BE69AF14AAA588938A80FFB3C	SHA256:D874CCA7E90E93FBD217C3924E5F01FE7DD5B92D83456C0B86284AB1693B923F
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.PadSettings.xml		text
		MD5:518B7E8043729212AEF492310F8CF421	SHA256:9AA4B9AC4E8A18BB2C9ECE24E007171B19999CBAC70A6567D171811599010732
3640	x360ce.exe	C:\ProgramData\X360CE\Settings\x360ce.UserDevices.xml		text
		MD5:C59E2E26ABA4EB3B1C699838DD452276	SHA256:613E34FD780F73E981004D0B3AF9D6F39C86438B3B665DFFC230A9F852A206FC

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1268	svchost.exe	GET	200	184.24.77.23:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
5944	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3788	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1268	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1268	svchost.exe	184.24.77.23:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
1268	svchost.exe	184.30.21.171:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158	whitelisted
google.com	142.250.185.78	whitelisted
crl.microsoft.com	184.24.77.23 184.24.77.11 184.24.77.40 184.24.77.4 184.24.77.15 184.24.77.13 184.24.77.18 184.24.77.9 184.24.77.19	whitelisted
www.microsoft.com	184.30.21.171	whitelisted

Threats

No threats detected

Add for printing

Process	Message
x360ce.exe	InitializeServices
x360ce.exe	x360ce.exe Information: 0 :
x360ce.exe	x360ce.exe Information: 0 :
x360ce.exe	InitializeCloudClient
x360ce.exe	Stopping remote server...
x360ce.exe	already stopped.

General Info

x360ce.exe

BE80F3348B240BCEE1AA96D33FE0E768

40EA5DE9A7A15F6E0D891CD1BA4BCA8519BB85ED

74FAF334CB0BDD3E9DFAB8C323D4EB3B9B089BCAADC7DBD639D9AA93A4F6F829

196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Searches for installed software

Executable content was dropped or overwritten

INFO

Reads the computer name

Creates files in the program directory

Checks supported languages

Reads the machine GUID from the registry

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings