oxipng[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

oxipng.exe
Size

1.1MB
MD5

c753add3bb79ea97f71d0c78ee6a30ed
SHA1

639a5984fd1787ba6373cc9e6cb90d403f8067d7
SHA256

9f5ac546004b576c3e8f2085fd06758c6e2a6a0b8f0edac8c277e3ec44f6e556
SHA512

9e75295bc52a40d9103cc99675893b4436eded96533f34cce120e84bbfbce0695a7f4559b9299215370e222b92c6e3d51a524d4dc663195d60d7c9d158be06de
SSDEEP

24576:QCzCoNyc5S2xwyWOAR2pKDMC/Q3zi/8ENu1GkpzlBj:QCzCoNBxxwyy2pKc3Y8EAkkNj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oxipng.exe

Files

oxipng.exe
.exe windows:6 windows x64 arch:x64

e01b234c14ac9838df4dd1b01e19bc93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

oxipng.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

FindFirstFileW
WideCharToMultiByte
ReadConsoleW
ExitProcess
HeapAlloc
GetProcessHeap
FindNextFileW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlVirtualUnwind
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
GetFullPathNameW
SetUnhandledExceptionFilter
GetFileInformationByHandleEx
GetFileInformationByHandle
CreateFileW
GetEnvironmentVariableW
lstrlenW
FormatMessageW
GetModuleHandleW
QueryPerformanceFrequency
GetProcAddress
GetModuleHandleA
WriteConsoleW
MultiByteToWideChar
IsProcessorFeaturePresent
CreateThread
GetSystemInfo
SwitchToThread
SetFileTime
SetFileInformationByHandle
SetFilePointerEx
QueryPerformanceCounter
FindClose
WaitForSingleObject
CloseHandle
SetWaitableTimer
Sleep
CreateWaitableTimerExW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleMode
GetStdHandle
HeapReAlloc
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
GetModuleFileNameW
SetLastError
GetCommandLineW
HeapFree
CreateDirectoryW
GetCurrentDirectoryW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

vcruntime140

memcpy
__current_exception_context
__current_exception
memmove
__C_specific_handler
memset
memcmp
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
log

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_initterm
__p___argv
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type
_seh_filter_exe
__p___argc
_get_initial_narrow_environment
_c_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1022KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e01b234c14ac9838df4dd1b01e19bc93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

ntdll

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1022KB - Virtual size: 1021KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 512B - Virtual size: 10KB

.pdata Size: 16KB - Virtual size: 15KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1022KB - Virtual size: 1021KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 16KB - Virtual size: 15KB

.reloc
Size: 3KB - Virtual size: 2KB