oclo[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

oclo.exe
Size

2.3MB
MD5

0d14677324fb1f05953aff5dfc889965
SHA1

dc857ba74f95716edb41f441f28482219939f025
SHA256

33e42e7828cda7987d17342e0eb8134f590cd3d291dbc75f13334259a4908ba1
SHA512

6d7b43c4c415e425d53a4332811a7c82ba4b3f3ac9dbabe28397ef311d8227bfc0be0903e8ac0b6d858bdca0e685821497d48e6201e7d2943a5d33b62279b218
SSDEEP

24576:A/VAFdBq01lUapCVXAyOtlru19eSVqhCv4pjX/I+4YTXa779BLwc3oe7X8tCHrfx:Qoz6XDl9jl7f+TgmA0sIM7bov

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oclo.exe

Files

oclo.exe
.exe windows:6 windows x64 arch:x64

6897e09add1836442c84d70f65d04a85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleScreenBufferInfo
SetConsoleCursorInfo
GetConsoleCursorInfo
SetConsoleOutputCP
SetConsoleCtrlHandler
GetConsoleOutputCP
GetUserDefaultLCID
GetSystemDefaultLCID
GetCurrencyFormatW
SetLocaleInfoW
GetCPInfoExW
IsValidCodePage
CompareStringW
GetTimeFormatW
GetDateFormatW
GetNumaProcessorNode
SetVolumeMountPointW
FindFirstVolumeMountPointW
CopyFileExW
CopyFileW
BackupSeek
BackupRead
lstrcatW
lstrcmpW
GetTapeParameters
GetTapeStatus
PrepareTape
GetTapePosition
SetTapePosition
ConvertFiberToThread
GetProcessIoCounters
GetCurrentProcess
SetProcessAffinityMask
GetNumaHighestNodeNumber
QueryInformationJobObject
AssignProcessToJobObject
GetLogicalProcessorInformation
GetProcessPriorityBoost
SetPriorityClass
TlsSetValue
TlsGetValue
GetThreadPriorityBoost
GetCurrentThreadId
WriteConsoleW
CloseHandle
CreateFileW
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileApisToANSI
AreFileApisANSI
UnlockFileEx
SetFilePointerEx
SetEndOfFile
QueryDosDeviceW
LockFileEx
GetLongPathNameW
GetFileSizeEx
GetModuleHandleA
GetExitCodeProcess
GetStringTypeW
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetFileInformationByHandle
GetFileAttributesExW
FindClose
DefineDosDeviceW
GetCurrentDirectoryW
SetStdHandle
GetCurrentProcessId
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext

gdi32

SetWindowOrgEx
GetKerningPairsW
SetBrushOrgEx
GetWinMetaFileBits
PolylineTo
Polygon
LPtoDP
PolyTextOutW
StrokeAndFillPath
SetArcDirection
AbortPath
SetWinMetaFileBits
GetEnhMetaFileBits
GdiTransparentBlt
SetTextColor
SetSystemPaletteUse
SetMetaFileBitsEx
SetMapMode
SetDIBitsToDevice
SetBkMode
SetDCPenColor
SaveDC
PtVisible
PtInRegion
OffsetClipRgn
MaskBlt
GetWindowExtEx
GetViewportOrgEx
RemoveFontResourceExW
GetGlyphIndicesW
GetTextExtentExPointW
GetTextAlign
GetSystemPaletteUse
GetSystemPaletteEntries
GetMetaFileBitsEx
GetCurrentPositionEx
GetCharWidth32W
GetCharWidthW
EnumFontFamiliesW
DrawEscape
CreateBrushIndirect
CancelDC
BitBlt
Arc
AnimatePalette

winspool.drv

ConnectToPrinterDlg
EnumPrintersW
ResetPrinterW
SetJobW
GetJobW
EnumJobsW
SetPrinterW
FlushPrinter
GetPrinterDataW
EnumPrinterDataW
SetPrinterDataW
SetPrinterDataExW
GetFormW
ConfigurePortW
SetPortW

comdlg32

PrintDlgExW
PrintDlgW
ChooseFontW
ReplaceTextW
FindTextW
ChooseColorW
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

StringFromIID
CLSIDFromString
CoEnableCallCancellation
CoTestCancel
CoCancelCall
CoQueryAuthenticationServices
CoQueryClientBlanket
CoSetProxyBlanket
IIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetStdMarshalEx
CoLockObjectExternal
CoDisconnectObject
CoMarshalHresult
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
CoGetPSClsid
CoResumeClassObjects
CoGetObjectContext
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoUninitialize
ProgIDFromCLSID
CLSIDFromProgID
CoInvalidateRemoteMachineBindings
CLSIDFromProgIDEx
CoGetInstanceFromIStorage
CoAllowSetForegroundWindow
CoIsOle1Class
CoFileTimeToDosDateTime
CoInstall
BindMoniker
MkParseDisplayName
MonikerRelativePathTo
GetClassFile
OleGetIconOfClass
OleSetAutoConvert
CoGetInterceptor
CoGetCallContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW
VerFindFileW

comctl32

ord412
ord410
ord14
ord15
ord13
PropertySheetW

dxgi

CreateDXGIFactory

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6897e09add1836442c84d70f65d04a85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

comdlg32

ole32

version

comctl32

dxgi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB