home

oni-demo.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from get-2.wpapi.wp.pl.
MD5:
f6307769b9705a089ce51f7879b2f5dc

SHA-1:
727e0c096437424600e2943044d6a1689eb9f5bd

SHA-256:
346e8155df88249f8616d24a86c7333cb0932cb6b7234cdddd1217883c67b870

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 2:55:32 PM UTC  (today)

File size:
227.9 KB (233,360 bytes)

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\downloads\oni-demo.exe

File PE Metadata
OS version:
270.17968

OS bitness:
Win16

Subsystem:
Native (none required)

Linker version:
3.0

CTPH (ssdeep):
3072:JoWrZh3O636rezHx2FAuMNPKaPNVolSXK0R3SSUKpnmmltwfICyaaeVDW7vVcXla:eWlh3OcIMNSa1eEa0DB8IsVYtc1A0eKc

Entry address:
0xA4009C

Entry point:
4D, 5A, 01, 01, 01, 00, 01, 00, 05, 00, 00, 00, FF, FF, 00, 00, 14, 00, 00, 00, 00, 00, 0A, 00, 40, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 01, 00, 00, 04, 00, 0A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, 68, 69, 73, 20, 69, 73, 20, 61, 20, 57, 69, 6E, 64, 6F, 77...
 
[+]

Code size:
256 KB (262,147 bytes)

The file oni-demo.exe has been seen being distributed by the following URL.

http://get-2.wpapi.wp.pl/a,61764431,f,upload/b/9/d/.../oni-demo.exe

Scan oni-demo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.