oni[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

oni.exe
Size

31.1MB
MD5

0c43761439202db625b99f6d37285a9f
SHA1

0beb0f745cddbc3ce6e23b3f0f471e6c8d11ebf1
SHA256

968d3cf356e77f054c3a87960a4b17b32cb55430077b508370ab685054e6319e
SHA512

d582b5ca72ea04724253274effb499f8d89b6fa1dde5767abc496b83e9b3f0fc80497b872bd82dd500bd87a3707b699956372c68a671a46d87cb2eb48a465f8c
SSDEEP

786432:tRZ1VprWGF/z+/cYk2Y5Nnq16M4DlbLu:bZ1V7tQ9mBMel

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oni.exe

Files

oni.exe
.exe windows:6 windows x64 arch:x64

Password: infected

e76fccbb270d01a765b3580d44722804

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsProcessorFeaturePresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

__sys_errlist

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

_strdup

api-ms-win-crt-utility-l1-1-0

qsort

ws2_32

__WSAFDIsSet

crypt32

CertGetNameStringW

advapi32

CryptAcquireContextW

Sections

.text
Size: - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.u&m
Size: - Virtual size: 18.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ZP-
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.V|=
Size: 31.1MB - Virtual size: 31.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e76fccbb270d01a765b3580d44722804

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

ws2_32

crypt32

advapi32

Sections

.text Size: - Virtual size: 427KB

.rdata Size: - Virtual size: 119KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 21KB

.u&m Size: - Virtual size: 18.7MB

.ZP- Size: 4KB - Virtual size: 4KB

.V|= Size: 31.1MB - Virtual size: 31.1MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 427KB

.rdata
Size: - Virtual size: 119KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 21KB

.u&m
Size: - Virtual size: 18.7MB

.ZP-
Size: 4KB - Virtual size: 4KB

.V|=
Size: 31.1MB - Virtual size: 31.1MB

.rsrc
Size: 512B - Virtual size: 469B