Onix Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Onix Launcher.exe
Size

1.2MB
MD5

da2b097e05f97f067c0a1e9a9584d258
SHA1

f541b61fecf433a3e37dd125011212bacb98c74e
SHA256

39f910ebbf51a5a3959202485df6ad39ea890043e1f74ae31b4a66d3e68716e6
SHA512

2a59c9650e05f38e650cc95b99f55020061c359479a39df8f2a7d9b3c12fb2c34155e5e663e7163f82a08cf641634dfbbe021a61878440693d338f7f9f790066
SSDEEP

24576:Z1btx+ksDEqJLXv09XwQR+tRPUEvHecRqqDs:T54ksDEwrs5wQR4RMEveq

Score

N/A

Malware Config

Signatures

Files

Onix Launcher.exe
.exe windows x64

3d801c644831ea603aa48d1fb106c85d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwrite

DWriteCreateFactory

d2d1

ord1

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
SizeofResource
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessW
CreateRemoteThread
GetStartupInfoW
GetCurrentThreadId
CreateProcessA
SetThreadPriority
GetCurrentProcess
CreateThread
ExitThread
TerminateProcess
ExitProcess
GetCurrentThread
GetExitCodeThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId

api-ms-win-core-file-l1-1-0

FlushFileBuffers
FindClose
ReadFile
FindFirstFileA
GetFileSizeEx
GetFileType
WriteFile
FindNextFileW
CreateFileA
SetFilePointerEx
GetFileAttributesExW
GetFileInformationByHandle
CreateDirectoryW
CreateFileW
DeleteFileA
GetFullPathNameW
GetDriveTypeW
FindFirstFileExW
SetEndOfFile

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetWindowsDirectoryA
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryA

api-ms-win-core-memory-l1-1-0

VirtualAllocEx
WriteProcessMemory
VirtualFreeEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle
GetEnvironmentVariableA
GetCommandLineA
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetStdHandle
FreeEnvironmentStringsW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
InitializeSRWLock
SetEvent
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-0

GetOEMCP
GetACP
FormatMessageW
LCMapStringEx
LCMapStringW
GetLocaleInfoW
IsValidCodePage
EnumSystemLocalesW
FormatMessageA
IsValidLocale
GetUserDefaultLCID
GetCPInfo

api-ms-win-core-psapi-ansi-l1-1-0

K32GetModuleFileNameExA
K32GetModuleBaseNameA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32EnumProcesses

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute

api-ms-win-core-console-l2-2-0

SetConsoleTitleA

api-ms-win-core-console-l1-2-0

FreeConsole

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
AllocConsole
WriteConsoleW

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA

api-ms-win-security-sddl-ansi-l1-1-0

ConvertStringSidToSidA

api-ms-win-security-provider-ansi-l1-1-0

SetNamedSecurityInfoA
SetEntriesInAclA
GetNamedSecurityInfoA

api-ms-win-core-file-l1-2-2

GetTempPathA
GetTempFileNameA
AreFileApisANSI

kernel32

K32EnumProcessModules

user32

SetForegroundWindow
SendMessageW
CreateWindowExW
SetWindowPos
DispatchMessageA
AdjustWindowRectEx
PostQuitMessage
SendMessageA
PeekMessageA
GetWindowLongPtrW
ScreenToClient
SetWindowLongPtrW
DestroyWindow
GetWindowRect
DefWindowProcW
SetCursor
LoadCursorW
MessageBoxA
DispatchMessageW
RegisterClassExW
UnregisterClassW
GetMessageW
GetClientRect
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
GetForegroundWindow
SetWindowTextA
DefWindowProcA
ShowWindow

gdi32

DeleteObject
CreateSolidBrush

comdlg32

GetOpenFileNameA

shell32

Shell_NotifyIconW

ole32

CoInitialize

urlmon

URLOpenBlockingStreamA
URLDownloadToFileA

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlUnwind
RtlVirtualUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
PeekNamedPipe

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsCreateString

oleaut32

SysFreeString

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d801c644831ea603aa48d1fb106c85d

Headers

DLL Characteristics

File Characteristics

Imports

dwrite

d2d1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-psapi-ansi-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-console-l3-2-0

api-ms-win-core-console-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-security-sddl-ansi-l1-1-0

api-ms-win-security-provider-ansi-l1-1-0

api-ms-win-core-file-l1-2-2

kernel32

user32

gdi32

comdlg32

shell32

ole32

urlmon

api-ms-win-core-file-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

oleaut32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

Sections

.text Size: 469KB - Virtual size: 469KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 25KB - Virtual size: 247KB

.pdata Size: 20KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 588KB - Virtual size: 587KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 469KB - Virtual size: 469KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 25KB - Virtual size: 247KB

.pdata
Size: 20KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 588KB - Virtual size: 587KB

.reloc
Size: 4KB - Virtual size: 3KB