68d7af54e7174ca6e7248979cfd653e10c7ea81eeb03246b896725ca4695b3a8[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

68d7af54e7174ca6e7248979cfd653e10c7ea81eeb03246b896725ca4695b3a8.zip.zip
Size

723KB
MD5

34464fdb767a6bdbc37e29732a671954
SHA1

85576721f14f6a12799039b7737eb9bc6b8d14f3
SHA256

8f845e602fdd51faa954a3f652279fd591c9047f31a256835cd714cb2f30efcd
SHA512

c2874a4f4f245b5213448c5ca00380168b9def8b87826d4f00ac39643dc8082c905ae54dc2d7c3e61a59cd2c1217908f8371a5ab9390777a3680b3aa5fbc480e
SSDEEP

12288:kta9TZorUgAi/Otbbkyj8VekmbYG4yYWONAVrq/TNwwwrBBWfW6JDx:kW9orUgAQCbQq8VeFUG32mV+pwwEctx

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

68d7af54e7174ca6e7248979cfd653e10c7ea81eeb03246b896725ca4695b3a8.zip.zip
.zip

Password: infected
68d7af54e7174ca6e7248979cfd653e10c7ea81eeb03246b896725ca4695b3a8.zip
.zip
USBDriver/Platinum USB Driver Installation Guide.pdf
.pdf
- http://OmegaVCP.cat
USBDriver/driver/OmegaUSBx64.EXE
.exe windows:6 windows x64

013c74198fc6e42dcf33737d6c40c012

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/03/2015, 00:00

Not After

30/05/2018, 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67
Signer

Actual PE Digest

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
SetFilePointer
GlobalAlloc
ExpandEnvironmentStringsA
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
ReadFile
SetCurrentDirectoryA
_llseek
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
Sleep
FreeResource
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
LoadResource
FreeLibrary
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
GetTempFileNameA

gdi32

GetDeviceCaps

user32

SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowLongPtrA
GetWindowRect
GetDC
MessageBoxA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
SetWindowLongPtrA
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SendMessageA
GetSystemMetrics

msvcrt

?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
memset
memcpy
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_errno
_vsnprintf
_commode

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/driver/OmegaUSBx86.EXE
.exe windows:6 windows x86

bc70c4fa605f17c85050b7c7b6d42e44

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/03/2015, 00:00

Not After

30/05/2018, 12:00

Subject

CN=Omega Engineering\, Inc.,O=Omega Engineering\, Inc.,L=Santa Ana,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79
Signer

Actual PE Digest

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
GlobalAlloc
ExpandEnvironmentStringsA
LoadResource
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
_llseek
SetCurrentDirectoryA
GetTempFileNameA
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
SetFilePointer
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
FreeResource
FreeLibrary
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
ReadFile

gdi32

GetDeviceCaps

user32

GetDC
SendMessageA
SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowRect
MessageBoxA
GetWindowLongA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SetWindowLongA
GetSystemMetrics

msvcrt

memset
?terminate@@YAXXZ
_controlfp
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_acmdln
_initterm
_amsg_exit
__p__commode
_XcptFilter
_errno
_vsnprintf
__setusermatherr

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USBDriver/driver/OmegaVCP.inf
USBDriver/driver/omegavcp.cat

Sharing

General

Malware Config

Signatures

Files

Password: infected

013c74198fc6e42dcf33737d6c40c012

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 115KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 516B

bc70c4fa605f17c85050b7c7b6d42e44

Code Sign

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 115KB - Virtual size: 116KB

.reloc Size: 2KB - Virtual size: 2KB

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

63:f7:4a:bd:a8:00:94:5e:83:ed:df:e7:c2:9d:f8:db:93:d9:c6:67
Signer

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 115KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 516B

0d:1d:c2:3d:50:2b:16:70:f6:97:4f:98:21:af:df:6f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

29:1f:c6:f9:2a:2c:52:af:c5:03:ab:94:d7:01:7e:dc:52:45:b2:79
Signer

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 115KB - Virtual size: 116KB

.reloc
Size: 2KB - Virtual size: 2KB