OnlineFix64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

OnlineFix64.dll
Size

4.3MB
MD5

aa6eed97f7877abb9f3396e0c4eec706
SHA1

abe788bb8c682d08264200275abeb0a26a905a5b
SHA256

04a9518cf09ad09c42647b2f2d3036f3fcfd59a36850a6ef56359fcc11ad1456
SHA512

4a5186414fe9a1e577d5724d1f72d0a1c3441d2172b02cbb0f20bd803a997af5a98ec30f87948f3eb426c5d63b96a75ad3c510529e0eb3ab7f34eefd1d7eb605
SSDEEP

98304:L96tOeWfnh8aT4Sl9NGgjIK3sY/RY6nCdaPsCw:wOtfhP4M9ND9fBnCAw

Score

1^/10

Malware Config

Signatures

Files

OnlineFix64.dll
.dll windows x64

cf6e405258c3ddfda368fcfc399290b8

Code Sign

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

12/08/2020, 15:02

Not After

12/09/2020, 15:02

Subject

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21/04/2009, 12:15

Not After

14/04/2028, 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b
Signer

Actual PE Digest

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OnlineFix,OU=OnlineFix,O=OnlineFix,L=OnlineFix,ST=OnlineFix,C=UK,1.2.840.113549.1.9.1=#0c166f6e6c696e65666978406f6e6c696e656669782e6d65

31/08/2020, 21:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

shell32

ord680

ws2_32

ioctlsocket

wldap32

ord143

advapi32

RegisterEventSourceW

dbghelp

ImageDirectoryEntryToData

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
OnlineFix
ShellExecuteA
ShellExecuteW
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSGetSteamID
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendSteam3UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_ReleaseThreadLocalMemory
Steam_ReleaseUser
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write
hid_write_output_report

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.of0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.of1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf6e405258c3ddfda368fcfc399290b8

Code Sign

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0Certificate

Extended Key Usages

Key Usages

e6Certificate

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0bSigner

Signature Validations

Verification

31/08/2020, 21:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ws2_32

wldap32

advapi32

dbghelp

Exports

Exports

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 509KB

.data Size: - Virtual size: 305KB

.pdata Size: - Virtual size: 76KB

_RDATA Size: - Virtual size: 148B

.of0 Size: - Virtual size: 1.6MB

.of1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 1024B - Virtual size: 652B

3d:78:81:50:95:64:b4:f4:2f:20:de:49:b7:42:21:6d:f9:5f:15:f0
Certificate

e6
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

40:68:78:62:72:af:26:30:0a:10:4f:6e:39:2f:73:40:6a:6d:ce:69:f2:96:c3:d9:f2:b6:2f:9a:d1:60:3e:0b
Signer

31/08/2020, 21:34
Valid: false

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 509KB

.data
Size: - Virtual size: 305KB

.pdata
Size: - Virtual size: 76KB

_RDATA
Size: - Virtual size: 148B

.of0
Size: - Virtual size: 1.6MB

.of1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 1024B - Virtual size: 652B