Onnex_Dropper[.]exe | Triage

Sharing

General

Target

Onnex_Dropper.exe
Size

120KB
MD5

59f7eeba1ec327d6ced70a5edbc2a5eb
SHA1

7ff4a58f73a436adb32f5c9e283ce5ddff212b7c
SHA256

607fcc87f1fd28117f790dbedac4183107d5b54a630dfb6666d24b66baebd8bc
SHA512

845357512a68246b1acd83905ab737b6e0f393abb9ed3083597f8ba2f03402c85c73313d05540defd5b26d1c1db57bd5e86f29297c0d2c8a6745dfbd0d55c403
SSDEEP

1536:0OVrCWV3SR/VIC8SUal2XonjhgXJD77d31JKZ6QCJgKoxgn81cbd:jVL3B1QCugn8qbd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Onnex_Dropper.exe

Files

Onnex_Dropper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ