owfs2http[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

owfs2http.exe
Size

107KB
MD5

d717d554c33857375bfad17351d4f998
SHA1

8a4942a4021c53125a3d0b9adc6a6ee5de346581
SHA256

862ad8e53ca0f1107124a3b6cdb1165ec7b7a008033c2e5a20740d479cbb66bb
SHA512

6699e351084888deff30d8bd20b137e66ad36bce7089d0e452310684bdddddbf5d2c7282d698f1483fba8881f3b30980cb104e33f06fd1e78a6285809aef6c31
SSDEEP

3072:kQK2MTBGt2vm8IyO+a1Puy7qDQsY5Y/4aaOp3:kQK2MLvm8IHH1Pu+qtPF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
owfs2http.exe

Files

owfs2http.exe
.exe windows x64

bcd2924078245990e6acde0a023bb521

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

owfs_w64

ord95
ord74
ord93
ord79
ord106
ord15
ord145
ord92
ord13
ord84

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
ReadFile
FindFirstFileW
SetHandleInformation
SetLastError
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleW
WriteFile
CreatePipe
FindClose
GetFileAttributesW
DuplicateHandle
MultiByteToWideChar
CloseHandle
GetLocalTime
SystemTimeToFileTime
CreateProcessW
WideCharToMultiByte
RtlLookupFunctionEntry
SetUnhandledExceptionFilter
RtlCaptureContext
TerminateProcess
GetStdHandle
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ws2_32

getsockname
getpeername
WSAStartup
listen
shutdown
ntohl
select
closesocket
bind
accept
__WSAFDIsSet
socket
ntohs
connect
inet_ntoa
recvfrom
recv
getsockopt
send
htonl
htons
sendto
ioctlsocket
setsockopt
WSAGetLastError

vcruntime140

memchr
memcmp
memcpy
memset
__C_specific_handler
strrchr
strchr
wcschr
memmove

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_errno
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
_initterm_e
strerror
_initterm
_beginthread
exit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fread
_set_fmode
fputc
fgetc
__acrt_iob_func
fflush
fputs
fclose
__stdio_common_vsprintf
__p__commode
_wfopen
fwrite
fseek
__stdio_common_vfprintf
fgets
_fileno

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
calloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

isxdigit
strncpy
isalnum
toupper
isprint
isspace
isdigit
_strdup
strncmp
tolower

api-ms-win-crt-filesystem-l1-1-0

_rmdir
_wstat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
strftime

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
strtoul

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

rmdir

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcd2924078245990e6acde0a023bb521

Headers

DLL Characteristics

File Characteristics

Imports

owfs_w64

kernel32

advapi32

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 320B

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 320B