oxlint[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

oxlint.exe
Size

3.3MB
MD5

24ea3c54fc4d5babcb1e50d95a490e19
SHA1

78033fb0b96d3ce29f886604879670c91430b7d0
SHA256

6712c1669c91d4f95a0e9501a6bec4ebe18310fc82e4349a97d83a4ad133268c
SHA512

8dc723b67413896208841ad4910abae8c0e9b4cc5fe031ec6c4d0d494df1297015e7dea6b55bd5c41529d2e75dd42fc297e5007ae716b35cf8df811167309279
SSDEEP

49152:mHG0sjp34zO0NZtm3P9zXW+Sq63u4PdcQLgB7dPZNh+yLbe0dtW+F/qsp:DjpN0XM/9zXW/u4AeyY0vp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oxlint.exe

Files

oxlint.exe
.exe windows x64

96a89d562e8f31eda08895ee7f235134

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcessTimes
GetCurrentProcessorNumber
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
FlsFree
FreeLibrary
FindClose
GetNumaHighestNodeNumber
SwitchToThread
GetNumaNodeProcessorMask
WriteConsoleA
GetSystemTimeAsFileTime
CreateFileW
GetCurrentThreadId
GetFileInformationByHandleEx
FlsAlloc
IsProcessorFeaturePresent
TerminateProcess
GetFileType
GetFileInformationByHandle
FlsSetValue
QueryPerformanceCounter
Sleep
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleMode
SetThreadStackGuarantee
AddVectoredExceptionHandler
WriteFile
GetEnvironmentVariableA
GetFinalPathNameByHandleW
ReleaseSRWLockShared
SleepConditionVariableSRW
AcquireSRWLockShared
GetLastError
GetModuleFileNameW
RtlCaptureContext
GetCurrentDirectoryW
ExitProcess
WakeAllConditionVariable
FindFirstFileW
FindNextFileW
SetFilePointerEx
GetFullPathNameW
InitializeSListHead
QueryPerformanceFrequency
FormatMessageW
GetModuleHandleW
RtlLookupFunctionEntry
GetEnvironmentVariableW
ReleaseMutex
GetCurrentProcess
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
SetLastError
GetCommandLineW
WriteConsoleW
MultiByteToWideChar
IsDebuggerPresent
WaitForSingleObject
TryAcquireSRWLockExclusive
GetCurrentThread
CreateThread
WakeConditionVariable
GetSystemInfo
GetProcAddress
GetCurrentProcessId
CloseHandle
ReleaseSRWLockExclusive
GetModuleHandleA
GetLargePageMinimum
AcquireSRWLockExclusive
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

bcrypt

BCryptGenRandom

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

advapi32

OpenProcessToken
SystemFunction036
AdjustTokenPrivileges
LookupPrivilegeValueA

userenv

GetUserProfileDirectoryW

vcruntime140

__C_specific_handler
__current_exception
memcpy
memcmp
__CxxFrameHandler3
memset
memmove
__current_exception_context
strstr

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr
log2
trunc
fma

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argc
terminate
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
__p___argv
_errno
abort

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_set_fmode
__p__commode
fputs
__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96a89d562e8f31eda08895ee7f235134

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

bcrypt

ntdll

advapi32

userenv

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 789KB - Virtual size: 789KB

.data Size: 6KB - Virtual size: 211KB

.pdata Size: 39KB - Virtual size: 39KB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 789KB - Virtual size: 789KB

.data
Size: 6KB - Virtual size: 211KB

.pdata
Size: 39KB - Virtual size: 39KB

.reloc
Size: 49KB - Virtual size: 48KB