oxy_cloud_msetup_9nRFS[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

oxy_cloud_msetup_9nRFS.exe
Size

849KB
MD5

536791fb6e8caee97429b0f0be55d295
SHA1

4d6f4c98262b8005c6bbf7d7475802a8c2b075f8
SHA256

e6b3daa4642efe1841573fa94792529183edf872ebbf66f44ff97d93997aa1de
SHA512

178b995a4e29215f01dee5d5ea0972c4f8b352a08ef4bd86df40097bd0ada9d97ae1374651226c949339a70ceae032c5bd33cf3657e319b129ea671ffc733898
SSDEEP

24576:lRFTxEHNKKhJYZxltFpBq7Gb1eZiv4zKaD/bL:lTxEH4cJQDq7awBKaD/

Score

N/A

Malware Config

Signatures

Files

oxy_cloud_msetup_9nRFS.exe
.exe windows x86

685332c2f8227782512c3038c9af5a2e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22/12/2021, 00:00

Not After

22/12/2022, 23:59

Subject

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22/12/2021, 00:00

Not After

22/12/2022, 23:59

Subject

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:e0:77:a2:b3:47:e1:09:91:dc:90:40:04:95:f3:c4:62:d0:65:c0:af:93:21:49:6b:14:8c:35:71:ee:a6:bb
Signer

Actual PE Digest

2b:e0:77:a2:b3:47:e1:09:91:dc:90:40:04:95:f3:c4:62:d0:65:c0:af:93:21:49:6b:14:8c:35:71:ee:a6:bb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

02/09/2022, 07:19
Valid: true

Chain 1

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

d8:30:52:66:81:ea:19:52:de:96:e1:84:a6:59:99:f8:8d:80:14:cc
Signer

Actual PE Digest

d8:30:52:66:81:ea:19:52:de:96:e1:84:a6:59:99:f8:8d:80:14:cc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

02/09/2022, 07:19
Valid: true

Chain 1

CN=NBZ\,OOO,O=NBZ\,OOO,ST=Sankt-Peterburg,C=RU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

dnsapi

DnsQuery_W
DnsFree

powrprof

CallNtPowerInformation

crypt32

CertFreeCertificateChainEngine
CryptBinaryToStringA
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

select
inet_addr
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
ioctlsocket
freeaddrinfo
getaddrinfo
listen
htonl
accept
WSAIoctl
__WSAFDIsSet
WSACleanup
WSAStartup
WSASetLastError

normaliz

IdnToAscii

kernel32

FreeResource
GetModuleHandleW
GetProcAddress
FormatMessageW
HeapFree
GetProcessHeap
GetTickCount64
DeleteFileW
CreateFileW
SetFilePointer
SetEndOfFile
CloseHandle
WriteFile
CreateThread
WaitForSingleObject
WaitForMultipleObjects
MoveFileExW
GetExitCodeProcess
CreateEventW
SetEvent
ReadFile
HeapAlloc
LoadLibraryW
FreeLibrary
CreateDirectoryW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
FindClose
GetModuleFileNameW
GetSystemDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
GetTempFileNameW
GetTempPathW
GetFileSizeEx
GetLocalTime
LockResource
GetSystemTimeAsFileTime
IsWow64Process
GetCurrentProcess
GetDiskFreeSpaceExW
GetTickCount
CreateMutexW
ReleaseMutex
GetStdHandle
LocalFree
GlobalMemoryStatusEx
GetSystemInfo
LocalAlloc
GetNativeSystemInfo
GetLocaleInfoA
GetVolumeInformationW
Process32FirstW
GetCurrentProcessId
Process32NextW
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
SetLastError
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
CreateFileA
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadResource
FindResourceW
VerifyVersionInfoW
VerSetConditionMask
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringEx
DecodePointer
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
HeapSize
CompareStringW
LCMapStringW
GetLocaleInfoW
SizeofResource
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileAttributesExW
GetCurrentDirectoryW
GetFullPathNameW
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
PeekNamedPipe
SetEnvironmentVariableW
EncodePointer
GetStringTypeW
GetCommandLineW
WriteConsoleW

user32

SetCapture
GetFocus
GetSystemMetrics
ShowCursor
SetCursor
DestroyCursor
EndPaint
FrameRect
BeginPaint
GetDlgCtrlID
IsWindowEnabled
SetFocus
DrawTextW
FillRect
GetClientRect
ReleaseDC
ShowScrollBar
SetScrollInfo
SetScrollPos
ReleaseCapture
MapDialogRect
CharLowerA
CharLowerW
MonitorFromPoint
SetTimer
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetSysColor
MoveWindow
ClientToScreen
GetParent
SetForegroundWindow
UpdateWindow
ShowWindow
GetDlgItem
SendMessageW
RedrawWindow
MapWindowPoints
GetCursorPos
SetCursorPos
GetSysColorBrush
LockWindowUpdate
DrawIconEx
EnumChildWindows
SetWindowPos
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongW
DestroyWindow
UnregisterClassW
SetWindowLongW
CreateWindowExW
GetDesktopWindow
GetWindowRect
RegisterClassExW
LoadCursorW
CharUpperW
MessageBoxW
FindWindowW
SetClassLongW
PostQuitMessage
DestroyIcon
LoadIconW
LoadImageW
FlashWindow
KillTimer
GetDC
PostMessageW

gdi32

DeleteDC
GetDeviceCaps
AddFontMemResourceEx
SetDIBits
GetDIBits
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextColor
GetBkColor
BitBlt
SetBkColor
GetBkMode
SetBkMode
DeleteObject
CreateFontIndirectW
SetDCBrushColor
SetStretchBltMode
GetStockObject
CreateSolidBrush
CreatePen
SetTextColor
SelectObject

advapi32

CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptGenRandom
CryptAcquireContextA
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ord171
SHFileOperationW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW

comctl32

ord410
ord412
InitCommonControlsEx
ord413

gdiplus

GdipDisposeImage
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdipAlloc
GdipCloneImage

winmm

timeKillEvent
timeSetEvent

msimg32

GradientFill

wininet

InternetCrackUrlW

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685332c2f8227782512c3038c9af5a2e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2b:e0:77:a2:b3:47:e1:09:91:dc:90:40:04:95:f3:c4:62:d0:65:c0:af:93:21:49:6b:14:8c:35:71:ee:a6:bbSigner

Signature Validations

Verification

02/09/2022, 07:19 Valid: true

Chain 1

d8:30:52:66:81:ea:19:52:de:96:e1:84:a6:59:99:f8:8d:80:14:ccSigner

Signature Validations

Verification

02/09/2022, 07:19 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

dnsapi

powrprof

crypt32

ws2_32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

version

shlwapi

comctl32

gdiplus

winmm

msimg32

wininet

Sections

.text Size: 564KB - Virtual size: 563KB

.rdata Size: 143KB - Virtual size: 143KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 28KB - Virtual size: 28KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8e:37:60:c3:83:13:65:45:2c:1e:b7:40:78:37:e1:e4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2b:e0:77:a2:b3:47:e1:09:91:dc:90:40:04:95:f3:c4:62:d0:65:c0:af:93:21:49:6b:14:8c:35:71:ee:a6:bb
Signer

02/09/2022, 07:19
Valid: true

d8:30:52:66:81:ea:19:52:de:96:e1:84:a6:59:99:f8:8d:80:14:cc
Signer

02/09/2022, 07:19
Valid: true

.text
Size: 564KB - Virtual size: 563KB

.rdata
Size: 143KB - Virtual size: 143KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 28KB - Virtual size: 28KB