OmegaX[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

OmegaX.zip
Size

5.5MB
MD5

8f1d96eac987e4873e4f3a38d45aa080
SHA1

21d35cb22aa42dd3a9e3a2463ba890a7bd58c26a
SHA256

50a16d5e07f5877c21f7a924941bd042211fd2cd869a0d7b69b1c7e1b13c66e8
SHA512

3bd2b3e54592d892945ba7f7e9a6a3ec6e42220e0eb2f21bf9542ad235ca1bae876d90fc6184c8c0815ffd5921773b284112b9874602b4110ae182470963995d
SSDEEP

98304:gz5C+lYyL/YkFGL87H8mwFBcQ3I0z/xt3XG9yRn0payfik47kHN0Zuhp22OQpLAX:gw4YyLQk8L87HkFOQ3I0bx1XG9yHxyNY

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/OmegaX/OmegaX.exe	net_reactor

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OmegaX/ICSharpCode.AvalonEdit.dll
unpack001/OmegaX/OmegaBytecode.dll
unpack001/OmegaX/OmegaX.exe

Files

OmegaX.zip
.zip
OmegaX/Bin/Lua.xshd
.xml
OmegaX/ICSharpCode.AvalonEdit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\avalonedit\ICSharpCode.AvalonEdit\obj\Release\net45\ICSharpCode.AvalonEdit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OmegaX/OmegaBytecode.dll
.dll windows:6 windows x86 arch:x86

d5e83d1f43ffcd9b1ba5dade15d6b93c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv

crypt32

CertEnumCertificatesInStore

wldap32

ord217

normaliz

IdnToAscii

advapi32

CryptAcquireContextA

shell32

ShellExecuteA

d3dcompiler_47

D3DCompile

shlwapi

PathFindExtensionA

user32

GetCapture
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmGetContext

xinput1_4

ord4

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idev0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idev1
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 422B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OmegaX/OmegaX.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

omega.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 596KB - Virtual size: 595KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

d5e83d1f43ffcd9b1ba5dade15d6b93c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

advapi32

shell32

d3dcompiler_47

shlwapi

user32

kernel32

imm32

xinput1_4

wtsapi32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 234KB

.data Size: - Virtual size: 28KB

.detourc Size: - Virtual size: 4KB

.detourd Size: - Virtual size: 12B

.idev0 Size: - Virtual size: 2.4MB

.idev1 Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 422B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 851KB - Virtual size: 850KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 596KB - Virtual size: 595KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 234KB

.data
Size: - Virtual size: 28KB

.detourc
Size: - Virtual size: 4KB

.detourd
Size: - Virtual size: 12B

.idev0
Size: - Virtual size: 2.4MB

.idev1
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 422B

.text
Size: 851KB - Virtual size: 850KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B