Static task
static1
Behavioral task
behavioral1
Sample
mowas_2.exe
Resource
win10-20230220-es
Behavioral task
behavioral2
Sample
mowas_2.exe
Resource
win10v2004-20230220-es
General
-
Target
mowas_2.exe
-
Size
12.6MB
-
MD5
c8dc777b9988f0941ac1f5aa2b3bfa6c
-
SHA1
a770326e0862090fcd0367c8770b512004ea4435
-
SHA256
b804b5c7adf2ea2c3d673964770d2c41750d2f332388162aa58a0aac399d6c1f
-
SHA512
245ef041785697d89c5fe263d8bc48b7a10e216d35fd80eec7712d273255a77bb00c53fcfcd6aa3ff4beb9daece3546b020bde12566051a7c251fccedd348c21
-
SSDEEP
196608:SqJs90PCLYqECzAd7ud/n0mCTMLI5HFIEAbVw5uKiv:Q0kYqEq67ud/n0mjLWH6e5uKiv
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature — the sample carries no Authenticode signature, so publisher identity cannot be established from the binary itself; corroborate provenance from the distribution channel rather than the file.
resource mowas_2.exe
Files
-
mowas_2.exe.exe windows x86
03ab8b60ca76a1d8fe50851ee86b80e7 (note: this value differs from the file MD5 listed above; in this report layout it appears to be the import hash rather than a content hash — confirm which before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(As listed here, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent: the image opts into DEP/NX but not ASLR, even though it ships a .reloc section. IMAGE_DLLCHARACTERISTICS_GUARD_CF is likewise not listed despite a .gfids section being present — likely compiled with CFG metadata but not linked with the flag; verify against the optional header.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
dbghelp
ImageNtHeader
iphlpapi
GetIfEntry
GetAdaptersInfo
GetBestInterface
steam_api
SteamAPI_RunCallbacks
SteamController
SteamAPI_Init
SteamAPI_Shutdown
SteamHTTP
SteamUGC
SteamRemoteStorage
SteamUserStats
SteamAPI_SetMiniDumpComment
SteamAPI_WriteMiniDump
SteamApps
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamGameServerNetworking
SteamGameServer
SteamGameServer_Init
SteamNetworking
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamHTMLSurface
SteamUser
SteamAPI_IsSteamRunning
SteamInventory
SteamUtils
SteamFriends
SteamAPI_RegisterCallResult
SteamMatchmaking
SteamAPI_UnregisterCallResult
kernel32
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
HeapFree
HeapReAlloc
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
RaiseException
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentThreadId
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
QueryPerformanceCounter
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
OutputDebugStringA
OutputDebugStringW
VirtualAlloc
VirtualFree
HeapSetInformation
MultiByteToWideChar
GetCPInfoExW
GetLocaleInfoA
GetUserDefaultLCID
DosDateTimeToFileTime
CreateFileA
CreateFileW
ReadFile
SetFilePointer
WriteFile
TerminateThread
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
IsWow64Process
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
GetModuleFileNameW
CreateThread
DebugBreak
FormatMessageW
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
CompareFileTime
GetTempPathW
ReleaseSemaphore
SetStdHandle
SetUnhandledExceptionFilter
ExitProcess
TerminateProcess
SwitchToThread
QueryPerformanceFrequency
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileAttributesW
IsValidLocale
GetFileTime
SetFileTime
GetFileSize
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetTempFileNameW
RemoveDirectoryW
CopyFileExW
MoveFileExW
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
SetFileAttributesW
GetCommandLineW
MapViewOfFile
GetTickCount
SetThreadAffinityMask
FlushFileBuffers
SetEndOfFile
EncodePointer
DecodePointer
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
GetFullPathNameW
DuplicateHandle
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
LoadLibraryA
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
VirtualQuery
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetProcessHeap
GetFileType
SetFilePointerEx
CreateProcessA
CreateProcessW
SetConsoleCtrlHandler
GetExitCodeProcess
ReadConsoleW
GetConsoleCP
CreatePipe
WriteConsoleW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
EnumSystemLocalesW
HeapSize
GetFileSizeEx
HeapQueryInformation
CreateSemaphoreW
GetFileAttributesExW
user32
ShowCursor
MapWindowPoints
WindowFromPoint
PtInRect
DestroyIcon
CreateIconIndirect
IsCharAlphaW
GetCapture
mouse_event
IsCharAlphaNumericW
EnableWindow
ReleaseDC
EndDialog
KillTimer
SetTimer
MessageBoxW
GetForegroundWindow
IsWindow
LoadImageW
FillRect
SetCursor
InvalidateRect
EndPaint
BeginPaint
GetDlgItem
GetDC
GetSystemMetrics
IsIconic
PostMessageW
RegisterRawInputDevices
GetRawInputData
MonitorFromWindow
MonitorFromRect
SystemParametersInfoW
EnumDisplaySettingsW
LoadIconW
SetWindowLongW
GetWindowLongW
ScreenToClient
AdjustWindowRect
SetWindowTextW
SetForegroundWindow
UpdateWindow
SetFocus
SetWindowPos
FlashWindowEx
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
PostQuitMessage
DefWindowProcW
UnregisterHotKey
RegisterHotKey
DispatchMessageW
TranslateMessage
GetMessageW
GetKeyboardLayout
GetKeyboardLayoutNameA
SetRect
ClientToScreen
ClipCursor
GetCursorPos
SetCursorPos
GetClientRect
MapVirtualKeyW
GetMonitorInfoW
SendMessageW
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDoubleClickTime
gdi32
CreateSolidBrush
CreateBitmap
CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject
SelectObject
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectW
TextOutW
CreateDIBSection
GetCurrentObject
GetDIBits
shell32
ShellExecuteW
ole32
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
PropVariantClear
mss32
_AIL_set_sample_address@12
_AIL_set_sample_processor@12
_AIL_mem_free_lock@4
_AIL_mem_alloc_lock_info@12
_RIB_find_file_provider@12
_AIL_load_sample_buffer@16
_AIL_sample_buffer_available@4
_AIL_set_sample_buffer_count@8
_AIL_minimum_sample_buffer_size@12
_AIL_stop_sample@4
_AIL_init_sample@8
_AIL_set_listener_3D_orientation@28
_AIL_set_listener_3D_position@16
_AIL_set_3D_distance_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_last_error@0
_AIL_shutdown@0
_AIL_startup@0
_AIL_output_filter_driver_property@20
_AIL_set_sample_3D_position@16
_AIL_set_sample_3D_distances@16
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_sample_position@4
_AIL_sample_status@4
_AIL_set_sample_loop_count@8
_AIL_set_sample_low_pass_cut_off@12
_AIL_set_sample_playback_rate_factor@8
_AIL_set_sample_playback_rate@8
_AIL_end_sample@4
_AIL_start_sample@4
_AIL_set_sample_info@8
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_stream_position@4
_AIL_set_stream_position@8
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_stream_sample_handle@4
_AIL_close_stream@4
_AIL_open_stream@12
_AIL_set_sample_volume_levels@12
xvidcore
xvid_decore
xvid_global
icuuc56
?getBuffer@UnicodeString@icu_56@@QAEPA_WH@Z
?releaseBuffer@UnicodeString@icu_56@@QAEXH@Z
?getBuffer@UnicodeString@icu_56@@QBEPB_WXZ
?getTerminatedBuffer@UnicodeString@icu_56@@QAEPB_WXZ
??0UnicodeString@icu_56@@QAE@XZ
??0UnicodeString@icu_56@@QAE@PBDHPAUUConverter@@AAW4UErrorCode@@@Z
??1UnicodeString@icu_56@@UAE@XZ
?getEnglish@Locale@icu_56@@SAABV12@XZ
?setDefault@Locale@icu_56@@SAXABV12@AAW4UErrorCode@@@Z
?getName@Locale@icu_56@@QBEPBDXZ
u_init_56
ucnv_open_56
ucnv_close_56
ucnv_reset_56
ucnv_getMaxCharSize_56
ucnv_fromUChars_56
ucnv_getNextUChar_56
?Flush@ByteSink@icu_56@@UAEXXZ
?GetAppendBuffer@ByteSink@icu_56@@UAEPADHHPADHPAH@Z
?compare@UnicodeString@icu_56@@QBECHHABV12@@Z
u_isprint_56
u_errorName_56
u_strlen_56
?startsWith@UnicodeString@icu_56@@QBECABV12@@Z
?endsWith@UnicodeString@icu_56@@QBECABV12@@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@H@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@HH@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@HHHH@Z
?indexOf@UnicodeString@icu_56@@QBEHPB_WHH@Z
?indexOf@UnicodeString@icu_56@@QBEHPB_WHHH@Z
?remove@UnicodeString@icu_56@@QAEAAV12@XZ
?setTo@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?indexOf@UnicodeString@icu_56@@QBEH_WH@Z
?lastIndexOf@UnicodeString@icu_56@@QBEHABV12@@Z
?charAt@UnicodeString@icu_56@@QBE_WH@Z
?tempSubString@UnicodeString@icu_56@@QBE?AV12@HH@Z
?tempSubStringBetween@UnicodeString@icu_56@@QBE?AV12@HH@Z
??4UnicodeString@icu_56@@QAEAAV01@ABV01@@Z
?fastCopyFrom@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?setTo@UnicodeString@icu_56@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?append@UnicodeString@icu_56@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_56@@QAEAAV12@_W@Z
?append@UnicodeString@icu_56@@QAEAAV12@H@Z
?insert@UnicodeString@icu_56@@QAEAAV12@HPB_WH@Z
?insert@UnicodeString@icu_56@@QAEAAV12@H_W@Z
?insert@UnicodeString@icu_56@@QAEAAV12@HH@Z
?findAndReplace@UnicodeString@icu_56@@QAEAAV12@ABV12@0@Z
?truncate@UnicodeString@icu_56@@QAECH@Z
?trim@UnicodeString@icu_56@@QAEAAV12@XZ
?reverse@UnicodeString@icu_56@@QAEAAV12@XZ
?toUpper@UnicodeString@icu_56@@QAEAAV12@XZ
?toLower@UnicodeString@icu_56@@QAEAAV12@XZ
??0UnicodeString@icu_56@@QAE@HHH@Z
??0UnicodeString@icu_56@@QAE@PB_W@Z
?setToEnd@CharacterIterator@icu_56@@QAEHXZ
?endIndex@CharacterIterator@icu_56@@QBEHXZ
?getIndex@CharacterIterator@icu_56@@QBEHXZ
??0StringCharacterIterator@icu_56@@QAE@ABVUnicodeString@1@@Z
??1StringCharacterIterator@icu_56@@UAE@XZ
?remove@UnicodeString@icu_56@@QAEAAV12@HH@Z
?indexOf@UnicodeString@icu_56@@QBEH_W@Z
?setToBogus@UnicodeString@icu_56@@QAEXXZ
?getCapacity@UnicodeString@icu_56@@QBEHXZ
?isEmpty@UnicodeString@icu_56@@QBECXZ
?indexOf@UnicodeString@icu_56@@QBEHH@Z
?isBogus@UnicodeString@icu_56@@QBECXZ
?length@UnicodeString@icu_56@@QBEHXZ
?toUTF32@UnicodeString@icu_56@@QBEHPAHHAAW4UErrorCode@@@Z
?toUTF8@UnicodeString@icu_56@@QBEXAAVByteSink@2@@Z
ucasemap_utf8ToUpper_56
ucasemap_utf8ToLower_56
ucasemap_close_56
ucasemap_open_56
u_strFromUTF32WithSub_56
u_strToUTF32WithSub_56
u_strFromUTF8WithSub_56
u_strToUTF8WithSub_56
u_strFromWCS_56
u_strToWCS_56
??1ByteSink@icu_56@@UAE@XZ
??0ByteSink@icu_56@@QAE@XZ
??3UMemory@icu_56@@SAXPAX@Z
utf8_nextCharSafeBody_56
?createLineInstance@BreakIterator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z
?createWordInstance@BreakIterator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z
?getDefault@Locale@icu_56@@SAABV12@XZ
??1Locale@icu_56@@UAE@XZ
??0Locale@icu_56@@QAE@ABV01@@Z
?compare@UnicodeString@icu_56@@QBECABV12@@Z
??8UnicodeString@icu_56@@QBECABV01@@Z
icuin56
?createInstance@Collator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z
d3d11
D3D11CreateDeviceAndSwapChain
dxgi
CreateDXGIFactory
d3dcompiler_47
D3DCompile
ws2_32
inet_pton
getaddrinfo
socket
setsockopt
sendto
select
recvfrom
ioctlsocket
closesocket
bind
inet_ntop
WSAGetLastError
WSACleanup
WSAStartup
ntohs
htons
htonl
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
vcomp140
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
advapi32
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 9.5MB - Virtual size: 9.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 422KB - Virtual size: 768KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gem Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 21KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 320KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 578KB - Virtual size: 580KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bind Size: 138KB - Virtual size: 140KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
(An executable section outside .text that is not flagged IMAGE_SCN_CNT_CODE is characteristic of an appended packer/DRM stub; the section name together with the steam_api imports is consistent with a Steam DRM wrapper, but confirm — if so, the entry point and static disassembly of .text may not reflect the code that actually runs until the stub has unpacked it.)