GetClientVersion
GetMinecraftVersion
GetVisualClientVersion
Static task
static1
1 signatures
General
-
Target
OnixClientScripting.dll
-
Size
6.7MB
-
MD5
bf3fb4652549dcc27501ac3b7ab1ff5c
-
SHA1
16a2e9cc46cce013a8cbb396febd7f401e9be01f
-
SHA256
5312cd15a29926ba5a49ff76682f3bd37b6bf028239e2d236be101d4664a5eb8
-
SHA512
1d13efc4ff7d95065ac80cd9128b8a8152add7ab8fbae445ae6420351c469ea7550cd5f1a4a8ef41fadcab475add27f9866d5df8f4e331e81f1ad001d5917953
-
SSDEEP
98304:qXz7dvlyxne1eN93DdX5sG3KRyvJebtHVp:qXz7NgxneO9DsG3KRyvJebhVp
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource OnixClientScripting.dll
Files
-
OnixClientScripting.dll.dll windows:6 windows x64 arch:x64
44bdc0b94f78b16d5cc19f0fec1c7c50
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
getsockopt
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSASetLastError
WSAGetLastError
inet_pton
ntohs
inet_ntop
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
bcrypt
BCryptGenRandom
advapi32
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptImportKey
CryptEncrypt
CryptDestroyKey
crypt32
CryptQueryObject
CertGetNameStringW
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
kernel32
OutputDebugStringW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
GetExitCodeProcess
CreatePipe
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
CloseHandle
WaitForSingleObject
Sleep
CreateThread
GetCurrentThreadId
SetThreadPriority
ExitThread
GetThreadId
FreeLibraryAndExitThread
GetModuleHandleA
GetProcAddress
CreateEventA
VirtualQuery
DeleteFileA
GetCurrentProcess
GlobalMemoryStatusEx
K32GetProcessMemoryInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
DeleteFileW
TerminateThread
GetExitCodeThread
VirtualProtect
RtlUnwind
FindFirstChangeNotificationW
FindNextChangeNotification
GetLastError
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
RtlPcToFileHeader
GetSystemInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventW
GetSystemDirectoryW
LoadLibraryW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
InitializeSRWLock
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetLogicalProcessorInformation
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
WriteConsoleW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
RtlUnwindEx
RaiseException
FileTimeToSystemTime
ExitProcess
DuplicateHandle
CreateProcessW
SetFilePointerEx
FindCloseChangeNotification
WriteFile
K32GetModuleInformation
user32
SetClipboardData
CloseClipboard
OpenClipboard
SetCursorPos
GetWindowRect
GetClipboardData
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
GetDpiForWindow
EmptyClipboard
GetKeyState
FindWindowA
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyA
GetKeyboardState
ole32
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromCLSID
CoInitialize
CoCreateInstance
CoTaskMemFree
dwrite
DWriteCreateFactory
d2d1
ord2
ord1
d3dcompiler_47
D3DCompile
d3d11
D3D11On12CreateDevice
D3D11CreateDevice
api-ms-win-core-synch-l1-1-0
TryAcquireSRWLockExclusive
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
api-ms-win-core-file-l1-1-0
GetFileAttributesExW
GetFileInformationByHandle
FindFirstFileExW
FindFirstFileW
FindClose
GetFullPathNameW
SetFileInformationByHandle
FindNextFileW
CreateDirectoryW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-file-l1-2-2
AreFileApisANSI
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-processthreads-l1-1-0
SwitchToThread
GetStartupInfoW
TerminateProcess
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
api-ms-win-core-string-l1-1-0
GetStringTypeW
CompareStringEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
oleaut32
SysAllocString
GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
Exports
Exports
Sections
.text Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ