f56fbc16e5b326e920150f2b2ba01bc596c4badf4fb4691d5dc47d90c0ad98eb[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f56fbc16e5b326e920150f2b2ba01bc596c4badf4fb4691d5dc47d90c0ad98eb.zip.zip
Size

3.7MB
MD5

d5a2d7974e3836ac3cc7508548fc540b
SHA1

9c886556aa12af01eb7077820fbc53dd73071d51
SHA256

65dd64cc9bd5af31984d3028361129a0e77eb753bdd309437da1cd20e66b1d9d
SHA512

926d259b514221ec9238d9db9f8f6be655f0f380687a58c19a07e1e8b92f983316d7388dc434e84ba47ef306d4d09593378c05310eec9d8f13aa6dcd3289b031
SSDEEP

98304:Q+kgSulKTR7mvel7SOIq67ecXfjRo7kYAvYApzINpxQU:VkRkeRqM76qjkjewYADzIDxQU

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.App.Common.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Daq.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.CommLib.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.Platinum.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.SmartSensor.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.dll.deploy
unpack002/Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/chartext.dll.deploy

Files

f56fbc16e5b326e920150f2b2ba01bc596c4badf4fb4691d5dc47d90c0ad98eb.zip.zip
.zip

Password: infected
f56fbc16e5b326e920150f2b2ba01bc596c4badf4fb4691d5dc47d90c0ad98eb.zip
.zip
EIP_1.1.5/Platinum-EIP_115.bin
EIP_1.1.5/Readme.txt
Firmware_1.4.0.6/Readme.txt
Firmware_1.4.0.6/image.bin
OEG.lnk
.lnk
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.App.Common.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Daq.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.CommLib.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.Platinum.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.SmartSensor.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Omega.Sensor.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/OmegaVCP.inf.deploy
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum tools.ico.deploy
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.application
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe.config.deploy
.xml
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe.deploy
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-03-2015 00:00

Not After

30-05-2018 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:23:49:67:4d:18:20:e4:57:09:69:7c:6e:fb:34:b2:8d:8d:76:59
Signer

Actual PE Digest

f4:23:49:67:4d:18:20:e4:57:09:69:7c:6e:fb:34:b2:8d:8d:76:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 745KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/Platinum.exe.manifest
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/chartext.dll.deploy
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/database.txt.deploy
Platinum_Configurator_1.5.2.0/Application Files/Platinum_1_5_2_0/system_config_services.ico.deploy
Platinum_Configurator_1.5.2.0/M5461_0817_PLATINUM Series Configurator User Guide.pdf
.pdf
- http://www.omega.com/
- http://notice.omega.com
- http://omega.com
- http://omega.com/worldwide
- http://www.Omega.com
- http://Platinum_Configurator.zip
Platinum_Configurator_1.5.2.0/Platinum.application
Platinum_Configurator_1.5.2.0/Readme.txt
Platinum_Configurator_1.5.2.0/autorun.inf
Platinum_Configurator_1.5.2.0/setup.exe
.exe windows:5 windows x86

bc6227cc297eafe8b983449b17c815c6

Code Sign

07:1d:da:20:ab:a6:ee:13:4d:04:81:26:b5:d5:98:c5
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05-07-2018 00:00

Not After

11-06-2021 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:67:bf:09:00:d7:74:5b:be:fd:1c:31:3d:7a:67:6e:9c:9f:df:d4
Signer

Actual PE Digest

10:67:bf:09:00:d7:74:5b:be:fd:1c:31:3d:7a:67:6e:9c:9f:df:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNativeSystemInfo
EndUpdateResourceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEvent
CreateEventW
LoadResource
LockResource
SizeofResource
FindResourceW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetTempFileNameW
ReadFile
GetTempPathW
GetCurrentProcess
OpenProcess
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetModuleFileNameW
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
CopyFileW
GetDateFormatW
GetTimeFormatW
CompareStringW
WideCharToMultiByte
GetVersion
GetModuleHandleW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
Sleep
HeapSetInformation
SetFilePointer
GetDiskFreeSpaceExW
CreateFileW
DeleteCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
SetEndOfFile
MulDiv
GetTickCount
GetExitCodeProcess
LoadLibraryW
GetSystemInfo
SwitchToThread
FindNextFileW
UpdateResourceA
BeginUpdateResourceA
FindResourceA
lstrlenA
DeleteFileA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
HeapReAlloc
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FindFirstFileW
FindClose
GetProcAddress
FreeLibrary
WaitForSingleObject
GetLastError
CloseHandle
WriteFile
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
LoadLibraryExA
GetCommandLineW
RtlUnwind
GetCPInfo
HeapFree
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType

gdi32

GetStockObject
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
GetObjectW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateCompatibleDC

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

SystemParametersInfoW
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
SetClassLongW
ScreenToClient
GetWindowRect
GetClientRect
SetWindowTextW
ShowScrollBar
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
CreateDialogIndirectParamW
CreateDialogParamW
MoveWindow
ShowWindow
DestroyWindow
SendMessageW
SendMessageA
PeekMessageW
DispatchMessageW
TranslateMessage
ExitWindowsEx
MessageBoxW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDialogBaseUnits
MessageBoxA
SetCursor
MsgWaitForMultipleObjects

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord8
ord78
ord150
ord92

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/USBDriveInstallationGuide.pdf
.pdf
- http://OmegaVCP.cat
USBDriver/USBDriver.zip
.zip
OmegaUSBx64.EXE
.exe windows:6 windows x64

013c74198fc6e42dcf33737d6c40c012

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-03-2015 00:00

Not After

30-05-2018 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67
Signer

Actual PE Digest

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
SetFilePointer
GlobalAlloc
ExpandEnvironmentStringsA
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
ReadFile
SetCurrentDirectoryA
_llseek
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
Sleep
FreeResource
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
LoadResource
FreeLibrary
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
GetTempFileNameA

gdi32

GetDeviceCaps

user32

SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowLongPtrA
GetWindowRect
GetDC
MessageBoxA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
SetWindowLongPtrA
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SendMessageA
GetSystemMetrics

msvcrt

?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
memset
memcpy
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_errno
_vsnprintf
_commode

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OmegaUSBx86.EXE
.exe windows:6 windows x86

bc70c4fa605f17c85050b7c7b6d42e44

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-03-2015 00:00

Not After

30-05-2018 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79
Signer

Actual PE Digest

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
GlobalAlloc
ExpandEnvironmentStringsA
LoadResource
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
_llseek
SetCurrentDirectoryA
GetTempFileNameA
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
SetFilePointer
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
FreeResource
FreeLibrary
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
ReadFile

gdi32

GetDeviceCaps

user32

GetDC
SendMessageA
SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowRect
MessageBoxA
GetWindowLongA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SetWindowLongA
GetSystemMetrics

msvcrt

memset
?terminate@@YAXXZ
_controlfp
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_acmdln
_initterm
_amsg_exit
__p__commode
_XcptFilter
_errno
_vsnprintf
__setusermatherr

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OmegaVCP.inf
omegavcp.cat

Sharing

General

Malware Config

Signatures

Files

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 137KB - Virtual size: 137KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 63KB - Virtual size: 62KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 19KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 107KB - Virtual size: 106KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 30KB

.rsrc Size: 1024B - Virtual size: 944B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 142KB - Virtual size: 142KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

.text
Size: 137KB - Virtual size: 137KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 63KB - Virtual size: 62KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 142KB - Virtual size: 142KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 12B

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

f4:23:49:67:4d:18:20:e4:57:09:69:7c:6e:fb:34:b2:8d:8d:76:59
Signer

.text
Size: 745KB - Virtual size: 745KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

07:1d:da:20:ab:a6:ee:13:4d:04:81:26:b5:d5:98:c5
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

10:67:bf:09:00:d7:74:5b:be:fd:1c:31:3d:7a:67:6e:9c:9f:df:d4
Signer

.text
Size: 323KB - Virtual size: 323KB

.data
Size: 8KB - Virtual size: 17KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 14KB - Virtual size: 13KB

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67
Signer