Omsi-Helpmaker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Omsi-Helpmaker.exe
Size

730KB
MD5

c56b9aa79696af27ff7a7f292c83d467
SHA1

b80426b6232e1d0b6c02cedfd6b0fac957f6f235
SHA256

f63accff4b3acd8372ae9a25fd22e8fdc523bb9826f26a4e3457d487db55b139
SHA512

a4ed8806af5dfc12031f72f8228a48ff54173206f9199e55a8f70f06a2deafacdd2eea67109a65d3a914c406bfe1f96cb79aab01a3594938dadafa34f4a4948a
SSDEEP

12288:2CfqOhudwkWmrC2R3pwx9HiJRcLbYWwXPKD2bSgSPTbfobbTs9l:aQlmXux9HuBlK7gS3oPT4l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Omsi-Helpmaker.exe

Files

Omsi-Helpmaker.exe
.exe windows:4 windows x86 arch:x86

829c4ab4d4c38f3893d63de997983f42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
wcsstr
_wcsicmp
setlocale
swscanf
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
_isnan
memmove
wcslen
wcscpy
wcscat
wcscmp
strlen
strcpy
strcat
memcmp
floor
ceil
_CIacos
_CIfmod
tolower
_wfopen
longjmp
_setjmp3
fclose
_itow
localtime
mktime
gmtime
_wtoi
fmod
sin
cos
abs
fabs
malloc
pow
__p__iob
fprintf
frexp
modf
_CIpow
fwrite
fflush
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GetTimeZoneInformation
GetLocaleInfoW
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
MultiByteToWideChar
TerminateProcess
SetUnhandledExceptionFilter
GetVersionExA
DeleteFileW
GetVersionExW
LoadLibraryA
SetLastError
MulDiv
CreateDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
FindNextFileW
GetTempPathW
GetLocalTime
TlsAlloc
TlsSetValue
DeleteCriticalSection
lstrlenA

user32

LoadIconW
GetCursorPos
MapWindowPoints
SendMessageW
EnableWindow
GetWindowLongW
SetWindowLongW
CharLowerW
CharUpperW
GetPropW
RemovePropW
FillRect
GetIconInfo
DrawStateW
GetParent
GetClientRect
InvalidateRect
CallWindowProcW
SetPropW
DestroyWindow
ShowWindow
GetWindowRect
IsZoomed
GetWindowLongA
SendMessageA
MoveWindow
DefWindowProcW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
MessageBoxW
PostMessageW
GetWindowThreadProcessId
IsWindowVisible
GetForegroundWindow
EnumWindows
SetWindowPos
ScreenToClient
RedrawWindow
UpdateWindow
ReleaseCapture
BeginPaint
EndPaint
SetCapture
GetSysColor
GetSysColorBrush
SetWindowTextW
GetDC
InflateRect
ReleaseDC
GetWindowDC
ValidateRect
GetWindow
GetFocus
GetClassNameW
DrawFocusRect
GetKeyState
GetMessagePos
ClipCursor
SetCursor
SetClassLongW
GetScrollPos
SetScrollInfo
SetScrollPos
GetScrollRange
PeekMessageW
DrawFrameControl
EnumPropsExW
SetActiveWindow
RegisterClassW
AdjustWindowRectEx
GetActiveWindow
MsgWaitForMultipleObjects
GetMenu
IsIconic
EnumChildWindows
DefFrameProcW
IsChild
SetCursorPos
LoadImageW
SystemParametersInfoW
DefWindowProcA
RegisterClassA
CreateWindowExA
RegisterWindowMessageA
DrawIconEx
DestroyIcon

gdi32

GetFontData
CreateDCW
SelectObject
GetTextFaceW
DeleteDC
GetObjectType
GetObjectW
DeleteObject
IntersectClipRect
GetStockObject
SetBkColor
SetTextColor
ExcludeClipRect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
GdiSetBatchLimit
GdiGetBatchLimit
StretchBlt
GetObjectA
CreateSolidBrush
GetDeviceCaps
CreateFontW
GetTextExtentPoint32W
SetBkMode
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
GetDIBits
GetPixel
CreateFontIndirectW
GetTextMetricsW
CreateBitmap
SetPixel

comdlg32

ChooseColorW

comctl32

CreateStatusWindowW
InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIconSize

ole32

CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExW

Sections

.code
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

829c4ab4d4c38f3893d63de997983f42

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

comctl32

ole32

shell32

Sections

.code Size: 489KB - Virtual size: 488KB

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 30KB - Virtual size: 34KB

.rsrc Size: 1024B - Virtual size: 700B

.code
Size: 489KB - Virtual size: 488KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 30KB - Virtual size: 34KB

.rsrc
Size: 1024B - Virtual size: 700B