Static task: static1
Behavioral task: behavioral1
Sample: omen.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: omen.exe
Resource: win10v2004-20240412-en
General
Target: omen.exe
Size: 5.8MB
MD5: 4f601eec7fa9c16c090a0ae1b963cf51
SHA1: 4058addcde1272e856000354fccc1cf16b865490
SHA256: f9a8f1ea9406ee62b50bc14875827576d710f58cccc189272258bc2bec9eff37
SHA512: 12b5b5f986c1de9812a81fd495bbb1c38d39420569a4028ab94d70ab8f9ee27164f81603d4ac9ffb53b3984930308d4481f3ee0cc94967fc3a9dfd461ad979f3
SSDEEP: 98304:mUSWJ5MBGcuSwR58LUITad1isVKtXIeaw7wJCbw8q985fAD2YQqTiaO2k4TV:m8J5MBGcuv8LnS1iYKxB0JkxqO5YD2ER
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource omen.exe
Files
omen.exe.exe windows:6 windows x64 arch:x64
0e5e0aa373a0d0c47b34d2361c73403f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
CreateWindowExA
shell32
SHGetIconOverlayIndexA
kernel32
GetModuleHandleA
advapi32
RegOpenKeyExW
Sections
.pexe Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 28KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
.pdata Size: - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE