OWTEp1[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OWTEp1.exe
Size

35.1MB
MD5

8de4f2e9a348478f3941b2f20a70f9db
SHA1

5e97695ae24b2417cf8a2be773b2f19e33722af8
SHA256

5965f8b6e9b32bfa5cff3e8ac51f3d06299dd08fab5bab082b91df7d4eb25c8f
SHA512

697ebedf01daeedd7fdbc2831bbd2cd72e5075b5e94646a1a042cbf43af24c9bb7157593a6fb59e7cf93abd01176ebbaaa2d6304f0ed4c0c3006e3a3c636c450
SSDEEP

196608:T45VWQvzIRAkidmZfgRJhvLtHOCRLxZYqm2zqp7lmLoP9jitZ9UtxM5LqkBhsNBY:8DWkPk7GdxOCRLxZGfpuUtnPXmXEH7I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
OWTEp1.exe

Files

OWTEp1.exe
.exe windows:4 windows x64 arch:x64

58999264cda2ace8cf12aefca74013fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetCurrentHwProfileA

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority

bcrypt

BCryptGenRandom

dinput8

DirectInput8Create

dwmapi

DwmFlush
DwmIsCompositionEnabled

gdi32

BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AllocConsole
CloseHandle
CreateDirectoryW
CreateEventA
CreateMutexA
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetFileAttributesW
GetHandleInformation
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
RaiseException
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fmode
_fstat64
_getpid
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_open_osfhandle
_pclose
_setjmp
_snprintf
_snwprintf
_strdup
fwprintf
_strnicmp
_time64
_ultoa
_unlock
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfopen_s
_wgetenv
_wpopen
_wrename
_write
_wrmdir
_wstat64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
qsort
raise
rand
realloc
remove
setlocale
setvbuf
signal
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tanh
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy
wcscpy_s
wcsftime
wcslen
wcsxfrm
_write
_strdup
_read
_memicmp
_fileno
_fdopen

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear

opengl32

wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteW

shlwapi

PathFileExistsW

user32

AdjustWindowRectEx
AllowSetForegroundWindow
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyboardLayoutNameA
GetMessageExtraInfo
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowRect
IsClipboardFormatAvailable
IsIconic
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxW
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowTextW
ShowWindow
TrackMouseEvent
TranslateMessage
UpdateLayeredWindow

winmm

midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod
timeGetTime

ws2_32

WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 29.0MB - Virtual size: 29.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58999264cda2ace8cf12aefca74013fb

Headers

File Characteristics

Imports

advapi32

avrt

bcrypt

dinput8

dwmapi

gdi32

imm32

iphlpapi

kernel32

msvcrt

ole32

opengl32

shell32

shlwapi

user32

winmm

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 29.0MB - Virtual size: 29.0MB

.data Size: 24KB - Virtual size: 23KB

.rdata Size: 2.9MB - Virtual size: 2.9MB

pck Size: 512B - Virtual size: 8B

.rodata Size: 2KB - Virtual size: 2KB

.pdata Size: 544KB - Virtual size: 544KB

.xdata Size: 2.4MB - Virtual size: 2.4MB

.bss Size: - Virtual size: 78KB

.edata Size: 512B - Virtual size: 148B

.idata Size: 15KB - Virtual size: 15KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 155KB - Virtual size: 155KB

.text
Size: 29.0MB - Virtual size: 29.0MB

.data
Size: 24KB - Virtual size: 23KB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

pck
Size: 512B - Virtual size: 8B

.rodata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 544KB - Virtual size: 544KB

.xdata
Size: 2.4MB - Virtual size: 2.4MB

.bss
Size: - Virtual size: 78KB

.edata
Size: 512B - Virtual size: 148B

.idata
Size: 15KB - Virtual size: 15KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 155KB - Virtual size: 155KB