360Amigo.exe

360Amigo System Speedup

360Amigo Oy

The application 360Amigo.exe by 360Amigo Oy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘360Amigo’. While running, it connects to the Internet address 360amigo.com on port 80 using the HTTP protocol.
Publisher:
360Amigo (signed by 360Amigo Oy)

Product:
360Amigo System Speedup

Version:
1.2.1.8200

MD5:
c6e9af13701d32dfe31125566b3d6381

SHA-1:
f03725ba09484c7bf68052d3c58aa1e51fa20707

SHA-256:
6cf6b6d46d07ac8b806f98cfbb45f67ccc87b7b40bb3171157ef62642f9d354f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:37:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Startup.360AmigoOy.I

Engine version:
14.2.22.22

File size:
4.9 MB (5,097,248 bytes)

Product version:
1.2.1

Copyright:
Copyright(c) 2013 by 360Amigo

Trademarks:
360Amigo

Original file name:
360Amigo.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\360amigo\360amigo.exe

Digital Signature
Signed by:
360Amigo Oy
Authority:
VeriSign, Inc.

Valid from:
7/28/2012 5:00:00 PM

Valid to:
7/29/2013 4:59:59 PM

Subject:
CN=360Amigo Oy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=360Amigo Oy, L=Helsinki, S=Helsinki, C=FI

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7369CB538B18E218534A606B0904BBA4

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:GEKUfv/SJ1qKQfyurNCYoHfYCxgrbR+pvnXG:GGu3kl4fYCIN+lXG

Entry address:
0x325520

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, B8, 68, 4C, 72, 00, E8, 9A, 1E, CE, FF, 8B, 1D, 50, C7, 73, 00, B8, D0, 59, 72, 00, E8, F2, 3A, D8, FF, E8, 45, F5, FF, FF, E8, E4, F5, FF, FF, E8, C7, 33, D8, FF, 84, C0, 75, 34, BA, EC, 59, 72, 00, B1, 01, B8, 14, 5A, 72, 00, E8, A2, B8, CE, FF, 84, C0, 74, 0E, A1, E4, CB, 73, 00, 8B, 00, E8, BE, 3A, D8, FF, EB, 11, A1, E4, CB, 73, 00, 8B, 00, E8, F0, 39, D8, FF, E8, 9B, F3, CD, FF, BA, EC, 59, 72, 00, B1, 01, B8, 24, 5A, 72, 00, E8, 6E, B8, CE, FF, 84, C0, 74, 3E, 8B, 03...

Entropy:
6.9828

Developed / compiled with:
Microsoft Visual C++

Code size:
3.1 MB (3,296,256 bytes)

2 Scheduled Tasks
Task name:
360Amigo

Trigger:
Logon (Runs on logon)

Task name:
360Amigo

Trigger:
Logon (Runs on logon)

Action:
360amigo.exe -autorun


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
360Amigo

Command:
"C:\Program Files\360amigo\360amigo.exe" -autorun


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 360amigo.com  (62.146.210.29:80)

Remove 360Amigo.exe - Powered by Reason Core Security