6508719812e065c2c16d70e48794c55d

Sharing

Copy URL Twitter E-mail

General

Target

6508719812e065c2c16d70e48794c55d
Size

207KB
MD5

6508719812e065c2c16d70e48794c55d
SHA1

d146de6a89b817d7e0fb55fc7aeac5ffe8807cae
SHA256

31f0c042f8f40ce5e3b810e1c42ac17bf2297b3f9fd71ceb80ca2a00f05822d5
SHA512

f4a12f7ba7b52cd482efb5d06f9b0de51cace1e35c3b14815969ef831fc5bee6c90beb33a8119f54bb36b5ad93fdece41562d9ac4ec3d11406544a8d6f215483
SSDEEP

6144:X2Wj1EBWT1Fi9Lm7XzgFWdFD+0XBt6HPdq10:X2W5EBWT1Y9LwcFWd1+0Rt+q10

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Omega dll Injector.exe
unpack001/PCF-Unrealboard.dll

Files

6508719812e065c2c16d70e48794c55d
.rar
Omega dll Injector.exe
.exe windows:4 windows x86 arch:x86

8b2ac62e6d86efbc6fd750f83e7f72dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
lstrlenA
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GetVersionExW
FormatMessageW
LocalFree
MulDiv
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
lstrlenW
WritePrivateProfileStringW
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetModuleHandleW
GetModuleHandleA
GetProcAddress
FindResourceW
SuspendThread
Thread32Next
LoadResource
OpenProcess
ResumeThread
LockResource
OpenThread
SizeofResource
Thread32First
Sleep
Process32NextW
CreateToolhelp32Snapshot
MultiByteToWideChar
CloseHandle
CreateRemoteThread
WriteProcessMemory
GetExitCodeProcess
HeapCreate
VirtualAllocEx

user32

LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
UnregisterClassW
GetDlgItem
GetNextDlgTabItem
DestroyMenu
SetFocus
EndDialog
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
PostMessageW
PostQuitMessage
LoadIconW
SendMessageW
EnableWindow
DrawIcon
KillTimer
GetClientRect
SetTimer
GetSystemMetrics
IsIconic
UpdateWindow
UnregisterClassA

gdi32

DeleteDC
GetStockObject
RectVisible
GetDeviceCaps
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PCF-Unrealboard.dll
.dll windows:5 windows x86 arch:x86

7b4953b5fc7b60cf9b53646f417287f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
Sleep
CreateThread
GetModuleHandleA
GetLastError
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
IsBadReadPtr

user32

wsprintfA
GetKeyState

advapi32

CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptHashData

shell32

ShellExecuteA

winhttp

WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest
WinHttpConnect

iphlpapi

GetAdaptersInfo

msvcr90

memset
_except_handler4_common
mbstowcs
free
malloc
printf
??2@YAPAXI@Z
srand
_time64
sprintf
??3@YAXPAX@Z
strtoul
rand
strtol
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.v-lizer
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b2ac62e6d86efbc6fd750f83e7f72dc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 24KB - Virtual size: 20KB

7b4953b5fc7b60cf9b53646f417287f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

winhttp

iphlpapi

msvcr90

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 928B

.rsrc Size: 1024B - Virtual size: 688B

.v-lizer Size: 125KB - Virtual size: 125KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 24KB - Virtual size: 20KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 928B

.rsrc
Size: 1024B - Virtual size: 688B

.v-lizer
Size: 125KB - Virtual size: 125KB