Owo[.]exe | Triage

Sharing

General

Target

Owo.exe
Size

72KB
MD5

d292562ab123e920968e8a4309c19094
SHA1

dc1fab3cca5652239a70b9596d6ede38ef6b6fc7
SHA256

9d4af73194cadab9fe06a6367b624f4641aedabd1c420b08d1e5828405a5367d
SHA512

0c775264936fd967396d463ac188659ded057103b2d1c195f41643307fd7df2511dd8c8823a813aeb22fb39022787fa841852ce6ed1b8314b383e1d4eb9cd057
SSDEEP

1536:hUim2bgzFGklT2hCGAS1NVZ5gghLaxISM:hU32+GUmCGASfhggw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Owo.exe

Files

Owo.exe
.exe windows x86

d751c3011214509a86d13d9238746079

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_ntoa
WSAGetLastError
select
__WSAFDIsSet
getsockname
send
accept
shutdown
recv
closesocket
socket
bind
listen
connect
WSACleanup
WSAStartup
htons
htonl
ioctlsocket
gethostbyname
gethostname

kernel32

GetVersion
GetCommandLineA
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
SetFilePointer
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
SetThreadPriority
GetTickCount
Sleep
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetLastError
CloseHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE