oxygen_auth[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

oxygen_auth.dll
Size

5.6MB
MD5

cd3e516a5b2611997f141863de6f405a
SHA1

d1e1ba9219e32cea476ec58d5013d6c2874112bc
SHA256

48aa0793a1fc5e54fbd37268019ea7e3aa9344c6456c41854a8e2e7c3a39e857
SHA512

a43ed6168af5a8f3976c9d4a435429504674ba41f68e332c4f01c7634f0314f8356c95082d886d6ae8b760c5af65d573c8a8cc8bde2728cd029a72778e674646
SSDEEP

98304:V6BxYZJGrwg70Q9TbHBg/0NPjSuEichXohqPqQIixCubpBlNYpM:V6BODHDQ1hO0ZjSu04hCqQvCEBlO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oxygen_auth.dll

Files

oxygen_auth.dll
.dll windows:6 windows x86 arch:x86

048ee6e2acdf6f449ddf71b1f0a3e356

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAIoctl

crypt32

CertFreeCertificateChain

wldap32

ord143

normaliz

IdnToAscii

kernel32

CreateFileA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetCurrentHwProfileA

shell32

ShellExecuteA

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

fread

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_access

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

get_hwid
start_auth
verify_auth

Sections

.text
Size: - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.auth0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.auth1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

048ee6e2acdf6f449ddf71b1f0a3e356

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

advapi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 329KB

.rdata Size: - Virtual size: 59KB

.data Size: - Virtual size: 2KB

.auth0 Size: - Virtual size: 3.2MB

.auth1 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

.text
Size: - Virtual size: 329KB

.rdata
Size: - Virtual size: 59KB

.data
Size: - Virtual size: 2KB

.auth0
Size: - Virtual size: 3.2MB

.auth1
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B