oxide-loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

oxide-loader.exe
Size

527KB
MD5

d8c1c24eb35e37823d48fcc9e043c7bc
SHA1

90477579c2cc85f9243c40213078403033d6bebc
SHA256

470736b763dfbed85207c5ed5adcf378fa0ab7187d8e0840528c71345cd7acec
SHA512

3f78ea5727f7a063668342a80860e20fb704b61181e011e6dec8929d353e856107cee5bec5a72f604f8184def8545a52858fb8f8ab823a719362fd309d8ed7a7
SSDEEP

12288:AXM+lY80OmNWVf3Ax85kxbf/JsX0LAQUeIqT7f4VeWY+Y:AXMwY8pmNWVf3Ebf6X7QznfYeWPY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oxide-loader.exe

Files

oxide-loader.exe
.exe windows x86

8d50fb1ac6b4210af39e3ce6efbd357e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
MultiByteToWideChar
IsDebuggerPresent
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
GetStartupInfoW
LoadLibraryA
UnhandledExceptionFilter
GetModuleHandleW
IsProcessorFeaturePresent

user32

GetKeyState
SetClipboardData
GetClipboardData
CloseClipboard
OpenClipboard
UpdateWindow
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
PostQuitMessage
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
DefWindowProcW
GetWindowRect
DestroyWindow
SetWindowPos
TranslateMessage
SetLayeredWindowAttributes
PeekMessageW
DispatchMessageW
ShowWindow
RegisterClassExW
UnregisterClassW
CreateWindowExW
EmptyClipboard

shell32

ShellExecuteW

msvcp140

_Query_perf_frequency
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z
_Thrd_sleep
_Query_perf_counter

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140

__current_exception
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memmove
_except_handler4_common
memchr
strstr
__std_terminate
_purecall
__CxxFrameHandler3
memset
memcpy
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_cexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_controlfp_s
_initialize_onexit_table
_register_onexit_function
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_set_fmode
_wfopen
__p__commode
fflush
fclose
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
ftell
fwrite
fseek
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_sin_precise
_CIfmod
_libm_sse2_cos_precise
ceil
__setusermatherr
_libm_sse2_sqrt_precise

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d50fb1ac6b4210af39e3ce6efbd357e

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

shell32

msvcp140

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 265KB - Virtual size: 266KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 265KB - Virtual size: 266KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB