PowerOff[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PowerOff.exe
Size

9.5MB
MD5

f17fa25074c703bd8b4d427d2dd92f8a
SHA1

9039b4ef7f4245a35ea8f686ec0d4dc60ce65c7d
SHA256

95e60f9ba80712e1792207448f660e51ca1a366d9cc3c46296db807259847f40
SHA512

26ae6b1221a6255944a7db99f15b63f35be97a1e854f733661692593bc81640403bd0057a7e673df31361f4f3c3ce9fe893cf93687d69fb4f03c64afc3fc8df8
SSDEEP

98304:64V9gtxCLqbbjPTF87lr+Gsh4osIS8rkiyFuC7/4qXflirzJOQ:ra3b4+GK4kvkiYXfiv

Score

N/A

Malware Config

Signatures

Files

PowerOff.exe
.exe windows x86

3f4d5136f121aec851252adfc08b6633

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

CharNextW
LoadStringW
WINNLSEnableIME
SetWindowLongW
GetWindowLongW
CreateWindowExW
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TrackMouseEvent
SystemParametersInfoW
ShowWindow
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetTimer
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageTimeoutW
SendMessageW
ScreenToClient
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatW
RegisterClassW
PostQuitMessage
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjects
MessageBoxIndirectW
MessageBoxW
MessageBeep
MapVirtualKeyW
LoadStringW
LoadIconW
LoadCursorW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsMenu
IsIconic
IsClipboardFormatAvailable
InvalidateRect
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRgn
GetUpdateRect
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetPropW
GetParent
GetMessageExtraInfo
GetMenuItemInfoW
GetMenuItemCount
GetMenu
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetFocus
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoW
GetCapture
GetActiveWindow
FindWindowW
ExitWindowsEx
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EmptyClipboard
DrawTextW
DrawIconEx
DispatchMessageW
DestroyWindow
DestroyMenu
DefWindowProcW
CreateMenu
CloseClipboard
ClientToScreen
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AppendMenuW
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FindResourceW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
TryEnterCriticalSection
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OutputDebugStringW
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemDirectoryW
GetStdHandle
GetLongPathNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
GetUserDefaultUILanguage
Sleep

gdi32

TextOutW
StartPage
StartDocW
SetWindowOrgEx
SetTextColor
SetTextAlign
SetMapMode
SetBkColor
SetAbortProc
SelectObject
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPoint32W
GetStockObject
GetRegionData
GetPath
GetObjectA
GetDeviceCaps
GetCharABCWidthsFloatW
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
DeleteObject
DeleteDC
CreateRectRgn
CreateICW
CreateFontIndirectW
CreateFontW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CombineRgn
BitBlt
BeginPath
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shfolder

SHGetFolderPathW

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
OleRegEnumFormatEtc
ReleaseStgMedium
OleDraw
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

msvcrt

isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strchr
strlen
strncmp
memset
memmove
memcpy
memcmp

comctl32

InitCommonControls

shell32

ShellExecuteW
DragQueryFileW

comdlg32

PageSetupDlgW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winmm

timeGetTime

winspool.drv

SetPrinterW
OpenPrinterW
GetPrinterW
GetDefaultPrinterW
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW
ClosePrinter

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 105KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 40B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f4d5136f121aec851252adfc08b6633

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

shfolder

netapi32

ole32

msvcrt

comctl32

shell32

comdlg32

winmm

winspool.drv

d3d9

winhttp

Exports

Exports

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 120KB - Virtual size: 120KB

.bss Size: - Virtual size: 105KB

.idata Size: 12KB - Virtual size: 11KB

.didata Size: 25KB - Virtual size: 25KB

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 40B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 579KB - Virtual size: 579KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.text
Size: 5.9MB - Virtual size: 5.9MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 120KB - Virtual size: 120KB

.bss
Size: - Virtual size: 105KB

.idata
Size: 12KB - Virtual size: 11KB

.didata
Size: 25KB - Virtual size: 25KB

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 40B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 579KB - Virtual size: 579KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB