6d0ef297f2c02cffaafa5cc7d9cb2d23fbcc9e18bb7823bd6d9d37250c9ff920

Sharing

Copy URL Twitter E-mail

General

Target

6d0ef297f2c02cffaafa5cc7d9cb2d23fbcc9e18bb7823bd6d9d37250c9ff920
Size

421KB
MD5

0e4126380139a80cce51423ac945e732
SHA1

3c0938685e40fa71698a9fac5e7c49586dd435a7
SHA256

6d0ef297f2c02cffaafa5cc7d9cb2d23fbcc9e18bb7823bd6d9d37250c9ff920
SHA512

a1ad967923c70f174019591c902d73b814876049d37b4e9f915a42657b5370841a93bec8aa3a9d3ea46519606216c07d38477ee3d71cdbc1514eafd0c7670930
SSDEEP

6144:aPUfQd9qwCLLa43ZJtLxQAOfglX1YUe3PgPiIyqCjKyKgPMPaS:83dowCXa4dxQBg8Uef0i5TjKy3Pmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d0ef297f2c02cffaafa5cc7d9cb2d23fbcc9e18bb7823bd6d9d37250c9ff920

Files

6d0ef297f2c02cffaafa5cc7d9cb2d23fbcc9e18bb7823bd6d9d37250c9ff920
.exe windows:5 windows x86 arch:x86

274243cda5952abcc0651a0f48bc51af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dev\360mmgo\360MobileMgrHelper\Release\360MobileMgrHelper.pdb

Imports

kernel32

lstrlenA
GetCurrentProcess
FlushInstructionCache
SetLastError
CreateProcessW
CloseHandle
GetStartupInfoW
MulDiv
GetVersionExW
ReadFile
SetFilePointer
CreateFileW
WaitForSingleObject
OpenProcess
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
GetLocalTime
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLongPathNameW
Sleep
DeviceIoControl
FindResourceW
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
LCMapStringW
LoadResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetTempPathW
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
InterlockedExchange
GetCurrentThreadId
GetCommandLineW
CreateMutexW
InterlockedIncrement
SizeofResource
GetLastError
RaiseException
lstrcmpiW
LoadLibraryExW
lstrlenW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
FreeLibrary
WideCharToMultiByte
LoadLibraryW
TlsGetValue
GetSystemTime
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
HeapSize
GetModuleHandleW
InterlockedDecrement
MultiByteToWideChar
LCMapStringA
VirtualQuery

user32

ScreenToClient
GetActiveWindow
UnregisterClassA
MessageBoxW
CharNextW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
LoadStringW
RegisterClassW
GetClassInfoW
DestroyWindow
ReleaseDC
GetDC
GetWindowTextLengthW
CallWindowProcW
CreateDialogParamW
ClientToScreen
BeginPaint
SetFocus
LoadCursorW
GetClassInfoExW
RegisterClassExW
SetWindowTextW
PostQuitMessage
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
LoadImageW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
EndPaint
GetParent
IsWindowVisible
MapWindowPoints
GetWindowRect
CreateWindowExW
IsWindow
SetWindowPos
GetWindowLongW
SendMessageW
MoveWindow
GetClientRect
InvalidateRect
RedrawWindow
GetWindowTextW
IsDialogMessageW
GetDlgItem
EnableWindow
SetWindowLongW

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetStockObject
SetBkColor
SetTextColor
BitBlt
DeleteDC

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExA

shell32

ShellExecuteW

ole32

CoTaskMemFree
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
OleInitialize
CoTaskMemRealloc
CoInitialize

oleaut32

SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantClear
VarUI4FromStr
VariantInit

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
SHGetValueW
PathCombineW
PathFileExistsW
PathIsRelativeW
PathAppendW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

274243cda5952abcc0651a0f48bc51af

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

psapi

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 138KB - Virtual size: 140KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 138KB - Virtual size: 140KB