360mpgui[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

360mpgui.7z
Size

10.4MB
MD5

627ae0ca2010167f6d8353fd37a0dad8
SHA1

db34801a73cf11efb7357f16f92d625883668123
SHA256

cb4c8112e602e88ef7c6be8b2fa4f5c36eee150ccd74b4c0704de08922fbb343
SHA512

a8235f6536926b076fc10289f719639d97cb820805ddbd8abfa71820598684b6bc37e3a9090ccc30d4e12f4aad73602c24630e30dab592836459c295533d60eb
SSDEEP

196608:cQt4Njmjk47cg4/s1RevOuclXcwVluqF8C2Oy1B67deoCxUWf:cQt+jd48Ie5WXcYluqFsOy1U0oCxUC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/360mpgui/360mpGui v1.5.0.0.exe	upx
static1/unpack001/360mpgui/360mpTools/ImgBurn.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360mpgui/360mpGui v1.5.0.0.exe
unpack002/out.upx
unpack001/360mpgui/360mpTools/ImgBurn.exe
unpack001/360mpgui/360mpTools/Xbox Image Browser.exe
unpack001/360mpgui/360mpTools/abgx360.exe
unpack001/360mpgui/360mpTools/exiso.exe

Files

360mpgui.7z
.7z
360mpgui/.DS_Store
360mpgui/360mpGui v1.5.0.0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360mpgui/360mpGui.ini
360mpgui/360mpTools/ImgBurn.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
360mpgui/360mpTools/ImgBurn.ini
360mpgui/360mpTools/ImgBurnStuff/Sounds/Error.wav
360mpgui/360mpTools/ImgBurnStuff/Sounds/Success.wav
360mpgui/360mpTools/Log.txt
360mpgui/360mpTools/MSCOMCTL.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

Actual PE Digest

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
LocalReAlloc
GetProfileIntA
RtlMoveMemory
LocalSize
FreeResource
GetCurrentProcessId
MulDiv
GetTickCount
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GlobalReAlloc
IsBadReadPtr
Sleep
WaitForSingleObject
GlobalHandle
GetThreadLocale
LocalFree
LocalAlloc
GlobalAddAtomA
SetFilePointer
SetStdHandle
FlushFileBuffers
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
ExitProcess
RtlUnwind
GetCommandLineA
CompareStringW
GlobalSize
CreateFileA
GetFileSize
GlobalUnlock
GlobalLock
ReadFile
CloseHandle
IsDBCSLeadByte
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetLastError
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
IsBadWritePtr
lstrcmpiA
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpA
GlobalAlloc
GlobalFree
GetVersionExA
GetCurrentThreadId
MultiByteToWideChar
CompareStringA
lstrcpyA
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
lstrcpynA
HeapAlloc
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapReAlloc

user32

DrawFocusRect
AdjustWindowRect
DrawFrameControl
TrackPopupMenu
GetMessageA
AdjustWindowRectEx
CopyRect
GetKeyNameTextA
ShowCaret
SetCaretPos
GrayStringA
HideCaret
DestroyCaret
CreateCaret
SetWindowTextA
SetScrollInfo
DrawTextExA
InvertRect
SetRectEmpty
GetShellWindow
SetKeyboardState
GetKeyboardState
GetScrollInfo
GetKeyboardLayout
DestroyCursor
GetUpdateRgn
GetUpdateRect
GetWindowRgn
ValidateRect
CallMsgFilterA
LockWindowUpdate
IsZoomed
GetDesktopWindow
GetIconInfo
GetCursor
GetForegroundWindow
InvalidateRgn
EndDeferWindowPos
EnumChildWindows
GetDoubleClickTime
FindWindowA
GetMessageTime
GetWindowThreadProcessId
RemovePropA
SendNotifyMessageA
SetScrollPos
SetScrollRange
GetWindowTextLengthA
EnableScrollBar
ChildWindowFromPoint
EndDialog
GetWindow
GetPropA
GetCursorPos
WindowFromPoint
GetClassNameA
GetDlgCtrlID
IsWindow
SetPropA
SetTimer
KillTimer
SendDlgItemMessageA
IsWindowVisible
UnregisterClassA
CharNextA
SetActiveWindow
CheckRadioButton
SetFocus
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
IsWindowEnabled
GetDCEx
DrawIconEx
CreateIconIndirect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetClipboardFormatNameA
SetCursorPos
RegisterClipboardFormatA
MessageBeep
RegisterWindowMessageA
PeekMessageA
PostMessageW
PeekMessageW
VkKeyScanA
SetParent
CharUpperA
GetDlgItemInt
SetCursor
CreateDialogIndirectParamA
GetNextDlgTabItem
IsDialogMessageA
ScrollWindowEx
GetDlgItemTextA
SetWindowRgn
IntersectRect
EqualRect
MoveWindow
BeginPaint
EndPaint
DeferWindowPos
BeginDeferWindowPos
CharNextExA
DrawIcon
DestroyIcon
MapWindowPoints
CreatePopupMenu
AppendMenuA
TrackPopupMenuEx
DestroyMenu
GetActiveWindow
MessageBoxA
WinHelpA
PtInRect
DefWindowProcA
GetWindowDC
SetRect
LoadCursorA
IsRectEmpty
ClientToScreen
GetWindowRect
MapVirtualKeyA
DestroyWindow
CreateWindowExA
GetSysColorBrush
GetAsyncKeyState
EnableWindow
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
DialogBoxParamA
UpdateWindow
GetWindowLongA
SetWindowLongA
GetDC
ReleaseDC
GetParent
OffsetRect
UnionRect
GetFocus
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
ScreenToClient
SetWindowPos
SetCapture
GetWindowTextA
WindowFromDC
GetClientRect
CallWindowProcA
DrawEdge
GetSysColor
FrameRect
InflateRect
FillRect
DrawTextA
GetKeyState
GetCapture
ReleaseCapture
GetClassInfoA
RegisterClassA
InvalidateRect
LoadIconA
GetSystemMetrics
CopyImage
SendMessageA
LoadStringA
RedrawWindow
ShowWindow
CreateAcceleratorTableA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
OleLoadFromStream
OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

advapi32

RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA

oleaut32

SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
SysAllocStringLen
VariantCopy
OleTranslateColor
VariantChangeType
OleCreatePictureIndirect
VariantCopyInd
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SafeArrayCopy

comdlg32

GetOpenFileNameA

gdi32

Arc
GetTextExtentPointA
GetCharWidthA
OffsetWindowOrgEx
ExtTextOutW
GetTextExtentPointW
Polyline
GetTextAlign
SetTextAlign
OffsetRgn
GetTextColor
CombineRgn
GetTextMetricsA
MoveToEx
LineTo
Ellipse
DeleteObject
SelectObject
CreateSolidBrush
SetViewportOrgEx
SetWindowOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
SelectClipRgn
ExcludeClipRect
RectVisible
GetClipBox
IntersectClipRect
GetClipRgn
CreateRectRgnIndirect
RealizePalette
SelectPalette
PatBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
SetBkMode
Rectangle
CreatePen
GetStockObject
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
CreateDCA
CreateRectRgn
StretchBlt
CreateICA
CopyMetaFileA
CopyEnhMetaFileA
GetPaletteEntries
GetDIBits
CreateDIBitmap
GetBitmapBits
CreatePalette
GetNearestColor
CreatePatternBrush
CreateDIBSection
CreateHalftonePalette
BitBlt
SetDIBColorTable
GetDIBColorTable
GetPixel
StretchDIBits
SetBrushOrgEx
GetBkColor
ExtTextOutA
RestoreDC
SaveDC
CreateFontA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360mpgui/360mpTools/Xbox Image Browser.exe
.exe windows:4 windows x86 arch:x86

57c27b1cfb7a9c053f79715453d87f0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
ord691
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaCyMul
ord694
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord588
ord697
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
__vbaFpCDblR8
__vbaAryRecMove
EVENT_SINK_Invoke
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI2Abs
ord628
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaCyInt
__vbaLsetFixstr
ord660
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaLenBstrB
__vbaHresultCheckObj
__vbaVargVarCopy
ord665
ord558
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord591
EVENT_SINK2_Release
ord592
__vbaExitProc
__vbaForEachCollObj
ord300
__vbaI4Abs
ord301
ord595
__vbaObjSet
__vbaOnError
__vbaCyAdd
__vbaStrLike
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaCyStr
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaStrFixstr
ord520
__vbaBoolVar
ord307
ord522
__vbaRefVarAry
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord524
ord709
__vbaErase
ord631
__vbaVargVarMove
__vbaVarCmpGt
ord632
__vbaLateMemStAd
ord525
__vbaNextEachCollObj
__vbaChkstk
__vbaI2Cy
__vbaGosubFree
ord526
__vbaCyVar
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaGet3
ord529
__vbaExitEachColl
__vbaStrCmp
__vbaCyI2
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaDateR8
__vbaR4Str
__vbaCyI4
__vbaObjVar
__vbaNextEachCollVar
__vbaI2I4
__vbaVarLikeVar
ord561
DllFunctionCall
ord670
__vbaVarOr
ord563
__vbaCySub
ord564
__vbaFpUI1
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaRedimVar
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
__vbaUI1I4
__vbaFpCmpCy
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaGosub
__vbaI2Str
ord607
__vbaVarDiv
ord608
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
ord534
__vbaVarCat
__vbaDateVar
__vbaCheckType
__vbaI2Var
__vbaFileSeek
ord537
ord644
ord645
ord538
_CIlog
ord646
ord539
__vbaErrorOverflow
ord647
__vbaFileOpen
ord570
__vbaVar2Vec
__vbaNew2
ord648
__vbaInStr
ord571
__vbaCyMulI2
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord689
__vbaVarCmpEq
__vbaFpCy
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaFpI2
__vbaCheckTypeVar
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarTstGe
__vbaFpI4
ord616
__vbaR8IntI2
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
__vbaI4Cy
__vbaForEachVar
ord619
__vbaR8IntI4
ord650
_allmul
__vbaLateIdSt
__vbaAryRecCopy
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
__vbaFpCSngR8
_CIexp
__vbaStrCy
__vbaMidStmtBstr
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360mpgui/360mpTools/abgx360.exe
.exe windows:4 windows x86 arch:x86

b916755a0d33c46e153e60f90de6b68d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
DeviceIoControl
DuplicateHandle
ExitProcess
ExpandEnvironmentStringsA
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetAtomNameA
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetExitCodeThread
GetFileAttributesA
GetFileType
GetLastError
GetProcAddress
GetStdHandle
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
LoadLibraryA
LocalFree
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetEndOfFile
SetEvent
SetFilePointerEx
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateThread
WaitForMultipleObjects
WaitForSingleObject

msvcrt

_close
_getch
_kbhit
_open
_putenv
_read
_stat
_strdup
_stricmp
_strnicmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_chmod
_errno
_filelengthi64
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_getch
_getpid
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_setmode
_stat
_stati64
_stricmp
_strnicmp
_sys_nerr
_vsnprintf
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getenv
gmtime
localtime
malloc
memchr
memcpy
memmove
memset
pow
printf
putchar
puts
qsort
rand
realloc
remove
rename
rewind
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtol
strtoul
time
tolower
vfprintf
wcsstr

user32

FindWindowA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
ShowWindow

wldap32

ber_free
ldap_err2stringA
ldap_first_attributeA
ldap_first_entry
ldap_get_dnA
ldap_get_values_lenA
ldap_initA
ldap_memfreeA
ldap_msgfree
ldap_next_attributeA
ldap_next_entry
ldap_search_sA
ldap_set_optionA
ldap_simple_bind_sA
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_hostkey_hash
libssh2_knownhost_add
libssh2_knownhost_check
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_startup
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey_fromfile_ex

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 94KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360mpgui/360mpTools/exiso.exe
.exe windows:5 windows x86 arch:x86

f6633bfb51af70652d57984b9973ee1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
inet_addr
gethostname
getsockname
setsockopt
bind
gethostbyname
listen
accept
connect
WSAGetLastError
htons
socket
getsockopt
shutdown
select
send
WSAStartup
WSACleanup

kernel32

WriteFile
GetCurrentDirectoryA
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
CreateFileW
IsProcessorFeaturePresent
GetStringTypeW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
HeapSize
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
MoveFileA
SetFilePointer
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
FindClose
HeapReAlloc
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetDriveTypeA
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
DeleteFileA
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
HeapCreate
SetCurrentDirectoryA
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileAttributesA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetTimeZoneInformation
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 624KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 184KB - Virtual size: 184KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 191KB - Virtual size: 191KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.0MB

UPX1 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 175KB - Virtual size: 176KB

ce21923007044b1701a0b2dc4ac9396b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:0e:7d:a7:00:00:00:00:00:48Certificate

Extended Key Usages

Key Usages

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 692KB - Virtual size: 690KB

.data Size: 32KB - Virtual size: 29KB

.rsrc Size: 280KB - Virtual size: 279KB

.reloc Size: 40KB - Virtual size: 38KB

57c27b1cfb7a9c053f79715453d87f0f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 4KB - Virtual size: 27KB

.rsrc Size: 164KB - Virtual size: 163KB

b916755a0d33c46e153e60f90de6b68d

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

wldap32

ws2_32

Exports

UPX0
Size: - Virtual size: 624KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 184KB - Virtual size: 184KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 191KB - Virtual size: 191KB

UPX0
Size: - Virtual size: 10.0MB

UPX1
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 175KB - Virtual size: 176KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

c7:c4:89:65:e3:9c:c5:cd:87:45:a0:f0:e3:45:44:66:2e:8c:1e:27
Signer

.text
Size: 692KB - Virtual size: 690KB

.data
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 40KB - Virtual size: 38KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 4KB - Virtual size: 27KB

.rsrc
Size: 164KB - Virtual size: 163KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 69KB - Virtual size: 69KB

.rdata
Size: 498KB - Virtual size: 497KB

.bss
Size: - Virtual size: 94KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 79KB - Virtual size: 78KB

.stab
Size: 34KB - Virtual size: 34KB

.stabstr
Size: 19KB - Virtual size: 18KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 18KB

.reloc
Size: - Virtual size: 6KB