N360-TW-21[.]1[.]0-EN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

N360-TW-21.1.0-EN.exe
Size

202.0MB
MD5

0161e328f07fc7992cacce90b9dd38c7
SHA1

aa05ccf9668e166ef28923d451f1c2ecad6f75f1
SHA256

ba40cd3162d96d590ee6a2172e664df0231795a774d3428bbc0190519cc43599
SHA512

63dc7c77650f4fce079831b441b6c50267f1c848e628f93a76b8b5c9d1b1e11bb76111606d6b62fa38c34cec71789f2bb80ba2ac56d6efb1c6b8918878c64d28
SSDEEP

6291456:eHJgNwyNVtnzMXba82OwkNaODsHuAQC8CMLG7:eAwyNPzMXWINjgOAQdLG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
N360-TW-21.1.0-EN.exe

Files

N360-TW-21.1.0-EN.exe
.exe windows:5 windows x86 arch:x86

8b52613505a9a84c4006fdc308473c66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\bld_area\InstallToolBox_r9.1_26\VS10\Bin\Win32\Release\MiniStub.pdb

Imports

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetLastError
WTSGetActiveConsoleSessionId
WaitForSingleObject
GetExitCodeProcess
CloseHandle
OpenProcess
ExpandEnvironmentStringsW
LocalAlloc
lstrlenW
FormatMessageW
ProcessIdToSessionId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetProcAddress
GetPriorityClass
SetPriorityClass
DuplicateHandle
GetCurrentProcess
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetTickCount
Sleep
GetLocalTime
FindClose
GetCurrentThread
SetLastError
CreateProcessW
RemoveDirectoryW
MoveFileExW
FindFirstFileW
FindNextFileW
InterlockedExchange
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WideCharToMultiByte
GlobalFree
MoveFileW
GetCommandLineW
GetUserDefaultLangID
GetTempPathW
GetSystemDefaultLangID
GetCurrentProcessId
CreateDirectoryW
MultiByteToWideChar
lstrcmpiW
RaiseException
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
HeapCreate
ExitProcess
SetStdHandle
LoadLibraryExW
GetVersionExW
LoadLibraryA
SetFileTime
ReadFile
VirtualFree
VirtualAlloc
GetSystemInfo
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VerifyVersionInfoW
VerSetConditionMask
GetStdHandle
lstrlenA
GetProcessTimes
TryEnterCriticalSection
SetThreadPriority
GetThreadPriority
IsDebuggerPresent
SuspendThread
ResumeThread
TerminateThread
ExitThread
CreateThread
PulseEvent
OpenEventW
WaitForMultipleObjectsEx
SetFilePointer
WriteFile
FlushFileBuffers
GetFileSize
CreateFileW
SetEndOfFile
lstrcpyW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
OutputDebugStringW
LoadLibraryW
InterlockedCompareExchange
OpenSemaphoreW
ReadProcessMemory
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
EnumUILanguagesW
TerminateProcess
GetThreadContext
SetUnhandledExceptionFilter
InterlockedExchangeAdd
DecodePointer
EncodePointer
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
WriteConsoleW

ole32

PropVariantClear
IIDFromString
OleLoadFromStream
CreateStreamOnHGlobal
CLSIDFromString
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
OleSaveToStream
GetHGlobalFromStream

oleaut32

VariantInit
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
SafeArrayCreateVector
SafeArrayRedim
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
SysAllocString

imagehlp

MapFileAndCheckSumW

Sections

.text
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b52613505a9a84c4006fdc308473c66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

kernel32

ole32

oleaut32

imagehlp

Sections

.text Size: 561KB - Virtual size: 560KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 219KB - Virtual size: 219KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 561KB - Virtual size: 560KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 219KB - Virtual size: 219KB

.reloc
Size: 43KB - Virtual size: 43KB